[Doc] Potentially confusing encryption documentation
Bug #1401087 reported by
Raghavendra D Prabhu
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Percona XtraBackup moved to https://jira.percona.com/projects/PXB | Fix Released | Low | Hrvoje Matijakovic |
2.1 | Invalid | Undecided | Unassigned |
2.2 | Fix Released | Low | Hrvoje Matijakovic |
2.3 | Fix Released | Low | Hrvoje Matijakovic |
Bug Description
generate a key for aes256-cbc (which expects a 32-byte key) but discard it and use its iv instead.
This may be confusing for users since you don't need enc here (which also does message digest and several rounds over the password, and the Password provided on cli has no connection to iv generated) since a
< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;
or
openssl rand -base64 32
will do.
(Because xtrabackup directly asks for a key rather than deriving it from a password using a KDF (which is in itself a bug), it doesn't matter how you get a key; any random 32-char string will do.)
summary:
- Potentially confusing encryption documentation
+ [Doc] Potentially confusing encryption documentation
OK, I think the example in the doc is correct. But if it looks ambiguous to someone, let's replace it with something more simple like "openssl rand -base64 32".
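
Added example (not part of the bug report or the Percona documentation): a shell check of how long the key string from each generator discussed above actually is, taking the report's 32-character key as the assumption. The helper names `b64_len`, `rand_b64`, `gen_key` and `check_key` are hypothetical; base64 expands 32 random bytes to 44 characters, while 24 bytes give exactly 32.

```bash
#!/usr/bin/env bash
# Added example, not from the bug report. Assumption taken from the report:
# the AES256 key is handed over as a 32-character string.

# Characters of base64 text produced for n random bytes: 4 * ceil(n / 3).
b64_len() {
    echo $(( 4 * (($1 + 2) / 3) ))
}

# Base64 text for n random bytes (openssl if installed, else /dev/urandom).
rand_b64() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 "$1" | tr -d '\n'
    else
        head -c "$1" /dev/urandom | base64 | tr -d '\n'
    fi
}

# n characters drawn from a 64-symbol alphabet, as in the report's tr pipeline.
gen_key() {
    LC_ALL=C tr -dc 'A-Za-z0-9_-' < /dev/urandom | head -c "${1:-32}"
}

# Succeeds only when the key string has exactly the expected length.
check_key() {
    [ "${#1}" -eq "$2" ]
}

# Demo: compare what each generator hands back against a 32-character target.
for n in 32 24; do
    key=$(rand_b64 "$n")
    if check_key "$key" 32; then verdict="fits"; else verdict="does not fit"; fi
    echo "base64 of $n bytes: ${#key} chars (predicted $(b64_len "$n")), $verdict"
done
key=$(gen_key 32)
echo "tr pipeline: ${#key} chars"
```

Both 32-character results carry 192 bits of randomness: 24 random bytes in the base64 case, and 32 symbols at 6 bits each in the `tr` case.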