Closed magikstm closed 4 years ago
Current JwtSecret length is vulnerable to bruteforce being only 32 bytes.
It's length should be increased to at least 512 bit (64 bytes) (same length as default JWT algorithm hash key length).
Ref: https://github.com/tarent/loginsrv/blob/master/login/config.go#L21
Current JwtSecret length is vulnerable to bruteforce being only 32 bytes.
It's length should be increased to at least 512 bit (64 bytes) (same length as default JWT algorithm hash key length).
Ref: https://github.com/tarent/loginsrv/blob/master/login/config.go#L21