fernet / fernet-rb

Delicious HMAC Digest(if) authentication and AES-128-CBC encryption
MIT License

Secrets Greater Than 32 bytes? #27

Closed naaman closed 10 years ago

naaman commented 10 years ago

Why can't I use a secret greater than 32 bytes?

This works:

irb(main):003:0> Fernet.generate(SecureRandom.hex(16), 'hiyoooooo')
=> "gAAAAABTtH5LFC_63L4yiXBuXXXmdlpj5DZeWAYO9bgszi5thokVoy8jLS_hru0W6hT1VOfaWweYHh_QlFatpWnOtqz4sOPzHA=="

This doesn't???

irb(main):007:0> Fernet.generate(SecureRandom.hex(40), 'hiyoooooo')
Fernet::Secret::InvalidSecret: Secret must be 32 bytes, instead got 60

hgmnz commented 10 years ago

What's the use case for a larger key? We chose a key size required to cut it in half and use one part for HMAC signing and the other for encryption.
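
The key split described in the comment above, as an added example that is not part of the original thread or the fernet-rb code base: a 32-byte secret is cut into a 16-byte HMAC signing key and a 16-byte AES-128-CBC key. `SecretSplit` and its methods are hypothetical names, the secret-loading rule is an assumption inferred from the two irb results in this thread, and the half order and token layout follow the public Fernet spec.

```ruby
require 'openssl'
require 'securerandom'

# Added illustration; SecretSplit and its methods are hypothetical names.
module SecretSplit
  def self.b64url_decode(str)
    s = str.tr('-_', '+/')
    (s + '=' * ((4 - s.length % 4) % 4)).unpack1('m')
  end

  # Assumed rule, inferred from the two irb results in this thread: a 32-byte
  # string is used as-is, anything else is base64-decoded and must yield 32.
  def self.load_secret(secret)
    raw = secret.bytesize == 32 ? secret.b : b64url_decode(secret)
    unless raw.bytesize == 32
      raise ArgumentError, "Secret must be 32 bytes, instead got #{raw.bytesize}"
    end
    # First half signs (HMAC), second half encrypts (AES-128 needs 16 bytes).
    { signing: raw.byteslice(0, 16), encryption: raw.byteslice(16, 16) }
  end

  def self.seal(secret, plaintext, now: Time.now.to_i)
    keys = load_secret(secret)
    iv = SecureRandom.random_bytes(16)
    c = OpenSSL::Cipher.new('aes-128-cbc').encrypt
    c.key = keys[:encryption]
    c.iv = iv
    body = "\x80".b + [now].pack('Q>') + iv + c.update(plaintext) + c.final
    mac = OpenSSL::HMAC.digest('SHA256', keys[:signing], body)
    [body + mac].pack('m0').tr('+/', '-_')
  end

  def self.unseal(secret, token)
    keys = load_secret(secret)
    raw = b64url_decode(token)
    body, mac = raw[0...-32], raw[-32..].to_s
    expected = OpenSSL::HMAC.digest('SHA256', keys[:signing], body)
    raise ArgumentError, 'bad signature' unless OpenSSL.secure_compare(mac, expected)
    d = OpenSSL::Cipher.new('aes-128-cbc').decrypt
    d.key = keys[:encryption]
    d.iv = body[9, 16]
    d.update(body[25..]) + d.final
  end
end

# SecureRandom.hex(16) is 32 ASCII characters but only 128 random bits, so each
# 16-byte half holds 64 bits; SecureRandom.random_bytes(32) fills all 256.
```

An 80-character hex string is also valid base64, which is why it decodes to 60 bytes and is rejected rather than truncated.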

hgmnz commented 10 years ago

Gonna close this issue, reopen if you'd like to discuss.