I'm seeing that the salt is limited in usable length (contrary to popular assumptions that you should use a "long random string"). For example, here's a session:
It doesn't seem to matter what the contents of the salt are, it's always 43 characters.
I can't immediately see the cause of this - it may be something to do with the length of the alphabet (62) minus the length of the separators (14) and something else. It doesn't seem to be dependent on the length of the number encoded (I tried 8, 16,32,64 and 128 bit numbers).
I'm not sure if this is a bug, an undocumented feature or my (mis)understanding, but thought it worth raising as consumers of this library do indeed recommend "a long and secure salt value...". If it is an undocumented feature, some explanation of why 43 characters would probably be helpful.
(edit: By chance, this also happens to be issue #43 :-) )
I'm seeing that the salt is limited in usable length (contrary to popular assumptions that you should use a "long random string"). For example, here's a session:
It doesn't seem to matter what the contents of the salt are, it's always 43 characters.
I can't immediately see the cause of this - it may be something to do with the length of the alphabet (62) minus the length of the separators (14) and something else. It doesn't seem to be dependent on the length of the number encoded (I tried 8, 16,32,64 and 128 bit numbers).
I'm not sure if this is a bug, an undocumented feature or my (mis)understanding, but thought it worth raising as consumers of this library do indeed recommend "a long and secure salt value...". If it is an undocumented feature, some explanation of why 43 characters would probably be helpful.
(edit: By chance, this also happens to be issue #43 :-) )