-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to generate keys? #5
Comments
If you want a random 256-bit key, all you have to do is generate 32 bytes and then run it through :crypto.strong_rand_bytes(32) |> Base.encode64 A random key is more secure than one based on a set of keywords. However, if you were going to use a keyword, your approach seems reasonable. Just be aware that if you use a keyword, it's just as subject to guessing as a password would be, and When I do BCrypt in Elixir, I use the Comeonin library. |
Got it, thanks! :) |
He @danielberkompas, I wasn't sure whether to comment here or open another issue... Thanks for cloak! It's great. I think it would be helpful to add details back to If you're up for that I'd be glad to put in a PR. |
I'll add it into the docs soon. It's pretty simple: :crypto.strong_rand_bytes(32) If you intend to store your key in an environment variable, you'll need to Base64 encode/decode it as shown in the docs. 32
|> :crypto.strong_rand_bytes()
|> Base.encode64() |
And if the key gets lost, all data encrypted with it will become useless (non-recoverable), true? |
This is a question and a proposal to add a little guide about key generation.
I tried myself, but I'm not sure if I'm doing right.
I followed this article about hash functions.
So, to generate the key I'm doing something like:
And them, I use this as my key:
@danielberkompas Is there a better and more secure way (or tool) for generating those keys?
What do you think about adding a little guide in the README.md? I can get this if you agree.
BTW, thanks for this library! It's awesome! 😃
The text was updated successfully, but these errors were encountered: