David Weldon

Reputation: 64342

express secret key length

Are there any recommendations for the length of the secret key used to cryptographically hash session data in connect/express? I see everything from 60+ character strings to the canonical 'keyboard cat'.

For my immediate use case, I intend to use SSL for the entire site and the payoff for a brute-force attack is medium to low.

Upvotes: 2

Views: 645

Answers (1)

freakish

Reputation: 56557

Obviously the longer the better, but making it 60+ is a bit overkill. If the key is a random string (which it should be), then do you realize how many combinations you can get with 60 characters? A lot. :)

Upvotes: 1
