GithubHelp home page GithubHelp logo

Comments (4)

M393 avatar M393 commented on June 3, 2024 2

32 characters are 32 bytes! Why do you think it is 16 bytes?

In the documentation the function sodium_hex2bin is used which converts the 64 hex characters to 32 bytes. But you aren't using it in your config, so there it is 64 bytes.

from phpmyadmin.

MauricioFauth avatar MauricioFauth commented on June 3, 2024 1

I think accepting a 64-char hex string and then phpMyAdmin converts it to binary internally is reasonable.
What do you think @williamdes?

from phpmyadmin.

williamdes avatar williamdes commented on June 3, 2024

I think accepting a 64-char hex string and then phpMyAdmin converts it to binary internally is reasonable. What do you think @williamdes?

I agree, let's be more flexible

from phpmyadmin.

StefanRacoveanu avatar StefanRacoveanu commented on June 3, 2024

I see that the check that produced the error is here:

phpmyadmin/src/Controllers/HomeController.php

Line 328 in b2c9cbc

} elseif ($encryptionKeyLength > SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {

The above check is called by the __invoke() function in the HomeController:

phpmyadmin/src/Controllers/HomeController.php

Line 216 in b2c9cbc

$this->checkRequirements();

I believe that the best course of action is to add a check if the string is 64 characters long after which check if the string is hexadecimal using the ctype_xdigit() function. If this check is also true, then use the hex2bin() function to convert the string and override the original blowfish_secret. If any of the checks fail the blowfish_secret should remain unchanged.

Also, the documentation should be changed to reflect the change in behaviour. Should I change that in the same PR?

@MauricioFauth What do you think?

from phpmyadmin.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.