Page 1 of 1
How many charachter count is recommanded for Encryption Key?
Posted: Fri Aug 30, 2024 10:07 pm
by parkookk
Hi,
I was wondering the following question:
1- How many charachter count is recommanded for Encryption Key in the "setting>server"
2- What type of Encryption is OC3038 using?
3- What are the limitation? (special characters etc.)
4- Will a password generator tool suffice?
Thanks
Re: How many charachter count is recommanded for Encryption Key?
Posted: Sun Sep 01, 2024 9:04 am
by halfhope
parkookk wrote: ↑Fri Aug 30, 2024 10:07 pm
Hi,
I was wondering the following question:
1- How many charachter count is recommanded for Encryption Key in the "setting>server"
2- What type of Encryption is OC3038 using?
3- What are the limitation?
4- Will a password generator tool suffice?
Thanks
1. From 32 to 1024
2. Openssl_encrypt aes128
4. Yes.
Re: How many charachter count is recommanded for Encryption Key?
Posted: Wed Sep 25, 2024 8:05 pm
by parkookk
Thanks, I just did a quick research on how Openssl_encrypt aes128 works and it appears if I use more than 16 characters, it will still provide a same security, the only diffrence would be the more the characters are the more antropy as the system might hash it or truncate it to fit the 16-byte requirement of AES-128.
Re: How many charachter count is recommanded for Encryption Key?
Posted: Thu Sep 26, 2024 12:31 am
by ADD Creative
The encryption is only use by few of the payment extensions, probably unnecessarily. It's of limited use as it doesn't support authentication.
Re: How many charachter count is recommanded for Encryption Key?
Posted: Thu Oct 03, 2024 10:23 pm
by parkookk
Thanks,
3- What are the characters limitation in opencart passwords in setting, database etc? (special characters, symbols, etc.)
Re: How many charachter count is recommanded for Encryption Key?
Posted: Thu Oct 03, 2024 11:57 pm
by ADD Creative
The passwords will be hashed so there should be no limitation, apart from maybe the database one, which will be down to the database.