How to change standard password key for account data encryption in Files-plugin.
klausade last edited by
According to /etc/kopano/webapp/config-files.php we should change the standard password key for account data encryption. The file only documents how many characters and bits should be used (bits and characters…). It would be better if that file also documented how this should be changed. Now it just says:
- Standard password key for account data encryption. We recommend to change the default value for security reasons
- and a length of 16 characters. Data is only encrypted when the openssl module is installed
- IV vector should be 8 bits long
I used this:
$ head -c 8 /dev/urandom | xxd -ps
$ head -c 4 /dev/urandom | xxd -ps
Thinking about it, I should also have been able to use “pwgen -s -y 16 1” and “pwgen -s -y 8 1”, probably better.
On another note, the file /etc/kopano/webapp/config-files.php is readable by all; wouldn’t it be better if the owner of that file was www-data, and not readable by all? This is on Debian 8.10 with kopano-webapp-plugin-files 126.96.36.199+26.1
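The two points raised in the post above, as an added example that is not part of the original post or of Kopano's own tooling: it draws a 16-character key and an 8-character IV from /dev/urandom and checks whether a file is readable by all before and after tightening its mode. The helper names `gen_secret` and `world_readable` are hypothetical, and the file is a constructed temporary stand-in for config-files.php.

```shell
#!/bin/sh
# Added example; gen_secret and world_readable are hypothetical helper names.

# gen_secret N: print N characters from [A-Za-z0-9], drawn from /dev/urandom.
gen_secret() {
    want=$1
    out=""
    while [ "${#out}" -lt "$want" ]; do
        # Filter raw random bytes down to the allowed alphabet.
        out="$out$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')"
    done
    printf '%s\n' "$out" | cut -c "1-$want"
}

# world_readable FILE: succeed if the "other" read bit is set on FILE.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# Demonstration on a constructed stand-in file, not the real config-files.php.
demo() {
    cfg=$(mktemp)
    printf '<?php /* constructed sample config */\n' > "$cfg"
    chmod 644 "$cfg"
    world_readable "$cfg" && echo "before: readable by all"
    # On a real system also set the group, e.g. chown root:www-data (needs root;
    # assumes www-data is the web server's group).
    chmod 640 "$cfg"
    world_readable "$cfg" || echo "after: not readable by all"
    rm -f "$cfg"
}

echo "key (16 chars): $(gen_secret 16)"
echo "IV  (8 chars):  $(gen_secret 8)"
demo
```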