SecureRandom.hex() vs SecureRandom.random_bytes() for key generation in Rails with attr_encrypted
The docs for attr_encrypted say that I must store the results of key = SecureRandom.random_bytes(32) on the model. I think that it would be more secure to have this key stored as an ENV variable. I am also accustomed to running rake secret for my ENV variables. rake secret relies on SecureRandom.hex().
I'm wondering two things:
hex() vs random_bytes()?

SecureRandom#hex is defined here as:
def hex(n=nil)
  random_bytes(n).unpack("H*")[0]
end
so the data generated by them is exactly the same, just the format differs.
As for encryption keys, it's up to you and the way you host your app. If it's on a server you control, an uncommitted config file is fine (though environment variable approach still works, obviously). If you are hosting on e.g. Heroku, an environment variable is the way to go.
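The format difference described in the answer matters when the key lives in an environment variable: the variable holds hex text, and the raw bytes have to be recovered before use. The following is an added Ruby example, not code from the original post or from attr_encrypted; the helper names generate_hex_key and load_key and the variable name ENCRYPTION_KEY_HEX are assumptions.

```ruby
require "securerandom"

# Key size from the question: SecureRandom.random_bytes(32)
KEY_BYTES = 32

# Hypothetical helper: produce the hex text to paste into an environment
# variable. 64 hex characters encode 32 random bytes.
def generate_hex_key
  SecureRandom.hex(KEY_BYTES)
end

# Hypothetical helper: read a hex-encoded key from an env-like object and
# return the raw bytes. ENCRYPTION_KEY_HEX is an assumed variable name.
def load_key(env = ENV, name = "ENCRYPTION_KEY_HEX")
  hex = env.fetch(name) { raise KeyError, "#{name} is not set" }.strip
  unless hex.match?(/\A\h{#{KEY_BYTES * 2}}\z/)
    # Report only the expected shape, never the value itself.
    raise ArgumentError, "#{name} must be exactly #{KEY_BYTES * 2} hex characters"
  end
  # pack("H*") is the inverse of the unpack("H*") used by SecureRandom#hex.
  [hex].pack("H*")
end

# Constructed sample environment for the demonstration.
sample_env = { "ENCRYPTION_KEY_HEX" => generate_hex_key }
key = load_key(sample_env)
puts "hex characters: #{sample_env["ENCRYPTION_KEY_HEX"].length}, key bytes: #{key.bytesize}"
```

Decoding rather than passing the hex text along keeps the key at the 32 bytes from the question; the hex string itself is 64 bytes long, and each of its characters carries only 4 bits of randomness.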