On 1/31/02 11:24 AM, "Martin Redington" <[EMAIL PROTECTED]> wrote:
> I think this is just a warning. DES only wants an 8 byte key, but you've
> passed it more than that many bytes ...
>
> On Thursday, January 31, 2002, at 04:10 PM, Jeremy Schwartz wrote:
>
>> I get the following error while trying to run a cgi
>>
>>> keysize is greater than allowed keysize of 8 for cipher Crypt::DES -
>>> using only
>>> first 8 bytes at /Library/WebServer/CGI-Executables/verify_install.cgi
>>> line 272

Proper key generation is critical to using any good cryptography system. You should NEVER use text that was input by a user as the actual key. Two alternatives exist:

1) Run the keytext through MD5 or SHA to get your 8-byte key. This is only minimally secure, but it does have the advantage of not requiring any sort of key management system.

2) Using the keytext as a passphrase to protect a randomly generated key is even better (if a bit more cumbersome). Key management is needed here.

In both cases, force the user to input a relatively long keyphrase or passphrase (much, much longer than 8 bytes).

Cheers,
Rob

Robert S. Mah
Decibel Software, Inc.
[EMAIL PROTECTED]
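The two alternatives in the reply above, as an added Perl sketch (not code from the thread or from the Crypt::DES or Crypt::CBC authors). It assumes Crypt::CBC and Crypt::DES are installed and that /dev/urandom exists; the helper names and sample passphrases are constructed for illustration, and MD5 is used because the reply names it.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5);
use Crypt::CBC;    # assumed installed from CPAN together with Crypt::DES

# What the warning describes: only the first 8 bytes of the key text are used.
sub truncated_key { return substr($_[0], 0, 8) }

# Alternative 1: digest the whole passphrase and keep 8 bytes of the result.
sub digest_key { return substr(md5($_[0]), 0, 8) }

# Random bytes from the OS (assumes a Unix-like /dev/urandom).
sub random_bytes {
    my ($n) = @_;
    open(my $fh, '<:raw', '/dev/urandom') or die "urandom: $!";
    read($fh, my $buf, $n) == $n or die "short read from urandom";
    close($fh);
    return $buf;
}

# DES-CBC under an explicit 8-byte key, with no passphrase handling in Crypt::CBC.
sub des_cbc {
    my ($key, $iv) = @_;
    return Crypt::CBC->new(-key => $key, -literal_key => 1, -cipher => 'DES',
                           -iv  => $iv,  -header      => 'none');
}

# Alternative 2: a random data key, stored wrapped under the passphrase-derived key.
sub wrap_key {
    my ($passphrase, $data_key) = @_;
    my $iv = random_bytes(8);
    return $iv . des_cbc(digest_key($passphrase), $iv)->encrypt($data_key);
}

sub unwrap_key {
    my ($passphrase, $blob) = @_;
    my $iv = substr($blob, 0, 8);
    return des_cbc(digest_key($passphrase), $iv)->decrypt(substr($blob, 8));
}

# Constructed passphrases that share their first 8 bytes ("correct ").
my @pp = ('correct horse battery', 'correct cow battery');
printf "truncated keys equal: %s\n",
    truncated_key($pp[0]) eq truncated_key($pp[1]) ? 'yes' : 'no';
printf "digest keys equal:    %s\n",
    digest_key($pp[0]) eq digest_key($pp[1]) ? 'yes' : 'no';

my $data_key = random_bytes(8);
my $blob     = wrap_key($pp[0], $data_key);
printf "unwrap round trip ok: %s\n",
    unwrap_key($pp[0], $blob) eq $data_key ? 'yes' : 'no';
```

The wrapped blob carries no integrity check, so the unwrap alone cannot tell a wrong passphrase from the right one.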
