calyxofheld

Reputation: 2128

SecureRandom.hex() vs SecureRandom.random_bytes() for key generation in Rails with attr_encrypted

The docs for attr_encrypted say that I must store the results of key = SecureRandom.random_bytes(32) on the model. I think that it would be more secure to have this key stored as an ENV variable. I am also accustomed to running rake secret for my ENV variables. rake secret relies on SecureRandom.hex().

I'm wondering two things:

  1. Am I right to assume that the encryption key should be stored as an ENV variable?
  2. Is there any difference in key encryption strength between either of the two SecureRandom methods? hex() vs random_bytes()?

Upvotes: 0

Views: 1125

Answers (1)

Amadan

Reputation: 198324

SecureRandom#hex is defined here as:

# Excerpt from Ruby's securerandom library: hex is a formatting wrapper over random_bytes.
def hex(n=nil)
  random_bytes(n).unpack("H*")[0]  # same random bytes, rendered as lowercase hex (2 chars per byte)
end

so the data generated by them is exactly the same, just the format differs.

As for encryption keys, it's up to you and the way you host your app. If it's on a server you control, an uncommitted config file is fine (though environment variable approach still works, obviously). If you are hosting on e.g. Heroku, an environment variable is the way to go.

Upvotes: 1
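An added example (not from the question or the answer above, and not attr_encrypted's own code) that demonstrates the point about the two SecureRandom methods and the practical gotcha of storing the key as hex: SecureRandom.hex(n) encodes the same n random bytes that random_bytes(n) returns, so a 32-byte key becomes a 64-character hex string. If that string is handed to attr_encrypted as-is, the library sees the 64 ASCII bytes of the encoding, not the 32 random bytes behind it, so the hex has to be decoded again when read from the environment. The helper names (hex_to_key, key_from_env) and the variable name ATTR_ENCRYPTED_KEY are assumptions chosen for this illustration; the env hash is injectable so the example runs offline.

```ruby
require "securerandom"

# Decode a hex string (as produced by SecureRandom.hex) back into the raw
# byte string. Rejects odd-length or non-hex input instead of silently
# producing a truncated key.
def hex_to_key(hex)
  raise ArgumentError, "hex key must have even length" unless hex.length.even?
  raise ArgumentError, "hex key contains non-hex characters" unless hex.match?(/\A\h*\z/)
  [hex].pack("H*") # returns an ASCII-8BIT (binary) string
end

# The inverse: raw bytes -> lowercase hex, exactly what SecureRandom.hex does internally.
def key_to_hex(raw)
  raw.unpack1("H*")
end

# Generate an n-byte key and return both representations.
# Both values carry the same n bytes of CSPRNG output; only the format differs.
def generate_key_pair(n = 32)
  raw = SecureRandom.random_bytes(n)
  { raw: raw, hex: key_to_hex(raw) }
end

# Read a hex-encoded key from the environment (assumed variable name
# ATTR_ENCRYPTED_KEY), decode it, and enforce the expected raw length.
# `env` defaults to the real ENV but can be any Hash-like object for testing.
def key_from_env(name = "ATTR_ENCRYPTED_KEY", expected_bytes: 32, env: ENV)
  hex = env.fetch(name) { raise KeyError, "#{name} is not set" }
  raw = hex_to_key(hex.strip)
  unless raw.bytesize == expected_bytes
    raise ArgumentError,
          "#{name} decodes to #{raw.bytesize} bytes, expected #{expected_bytes} " \
          "(a #{expected_bytes}-byte key is #{expected_bytes * 2} hex characters)"
  end
  raw
end

# Show the size relationship that trips people up: the hex string is twice as
# long as the key it encodes, so it is the wrong size if used directly.
def demo
  pair = generate_key_pair(32)
  raw, hex = pair.values_at(:raw, :hex)
  {
    raw_bytesize:        raw.bytesize,          # 32
    hex_length:          hex.length,            # 64
    hex_as_key_bytesize: hex.bytesize,          # 64: not a 32-byte key
    roundtrip_ok:        hex_to_key(hex) == raw # true: decoding recovers the key
  }
end

if __FILE__ == $PROGRAM_NAME
  p demo
  # Constructed sample environment (not a real key): 32 bytes as 64 hex chars.
  sample_env = { "ATTR_ENCRYPTED_KEY" => SecureRandom.hex(32) }
  p key_from_env(env: sample_env).bytesize
end
```

Whichever of the two methods you use, the entropy is identical; what matters is that the bytes reaching the cipher are the decoded 32 random bytes, which is what the length check in key_from_env enforces. Note that SecureRandom.hex with no argument encodes 16 bytes, so generate the key with an explicit length that matches what attr_encrypted expects.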

Related Questions