To improve the encryption and decryption algorithm strength, change the salt value length to 16 bits. #42038
Replies: 3 comments
-
The characters are taken from an alphanumeric alphabet consisting of 62 characters, so each random character from that set adds 59.5 bits of entropy is a very big number, and it is highly unlikely that the same number will be generated twice with such a large set of salts (and even less likely for the same password). It doesn't hurt adding a few extra characters to the salt, but I don't think it'll have any measurable impact on security, as what we need here is something unique and 60 bits should give plenty of room for uniqueness here.
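To put numbers on the 10-versus-16-character question discussed above, here is an added example (not Grafana's code and not part of the comment) that draws salts from a 62-character alphabet and computes their entropy and birthday-bound collision probability. The alphabet ordering, the function names and the figure of 1e6 stored salts are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
)

// Alphabet assumed from the discussion: 62 alphanumeric characters.
const alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

// NewSalt returns n characters drawn uniformly from alphabet using the OS CSPRNG.
// Bytes >= 248 are rejected so that b % 62 has no modulo bias (248 = 4 * 62).
func NewSalt(n int) (string, error) {
	out := make([]byte, 0, n)
	buf := make([]byte, 2*n)
	for len(out) < n {
		if _, err := rand.Read(buf); err != nil {
			return "", err
		}
		for _, b := range buf {
			if b < 248 && len(out) < n {
				out = append(out, alphabet[int(b)%len(alphabet)])
			}
		}
	}
	return string(out), nil
}

// EntropyBits is the entropy of a uniformly random salt of n characters.
func EntropyBits(n int) float64 {
	return float64(n) * math.Log2(float64(len(alphabet)))
}

// CollisionProb: birthday bound 1 - exp(-k(k-1)/2N), N = 62^n, for k salts of length n.
func CollisionProb(n int, salts float64) float64 {
	space := math.Pow(float64(len(alphabet)), float64(n))
	return -math.Expm1(-salts * (salts - 1) / (2 * space))
}

func main() {
	for _, n := range []int{10, 16} { // 1e6 salts below is a constructed figure
		s, err := NewSalt(n)
		if err != nil {
			panic(err)
		}
		fmt.Printf("len=%d salt=%s entropy=%.1f bits P(collision)=%.2e\n", n, s, EntropyBits(n), CollisionProb(n, 1e6))
	}
}
```
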
-
So, based on @sakjur's comment, we need to figure out if this request actually makes sense.
-
Hello, as you may have heard, we are transitioning away from using discussions to discuss feature requests. Due to the age and number of responses to this discussion, we are deciding to close it. If this is something you would like to see in Grafana, feel free to open an issue so the discussion can continue. Thank you!
-
Hi, we have checked the source code of Grafana and found that the salt used for encrypting the Grafana account is a 10-digit character string. Is the length of the salt not enough for security? We think that the salt value could be changed to 16 characters to improve the encryption and decryption algorithm strength. Can somebody help?