Warn if bad key used
david-a-wheeler opened this issue · 3 comments
There are many reasons someone might choose to use a bad key, but it might be useful to emit a warning when a bad key is used. That's especially since the older documentation easily encouraged bad keys.
Perhaps there should be a routine called during initialization that detects certain kinds of bad keys and sends a warning to standard error.
There's no need to detect ALL bad keys, just detecting a few especially-like errors would probably help:
- The obvious case to me is "all bytes <128". The probability of this being true for a good key is (128./256)**32*100% = 2.3283064365386963e-08%, but it's pretty common in real life to use simple ASCII text as a key. This also covers "all bit 0s".
- "All bytes identical" is another common key.
- "SHA-256 of the empty string": "\xE3\xB0\xC4B\x98\xFC\x1C\x14\x9A\xFB\xF4\xC8\x99o\xB9$'\xAEA\xE4d\x9B\x93L\xA4\x95\x99\exR\xB8U"
You could have an option "validate: false" or "warn: false" to disable warnings (say, for testing). Then users could include "warn: Rails.test?" or similar depending on the framework in use, if they want to use bad keys for tests.
To add onto this, it would also be great to emphasize WHY it's a bad key. With hex to bytes now being part of 0.3, it would be great to add why hex to bytes is even done. Answering why bytes is chosen over hex would help educate.
I'm planning to write a short post on the topic of secure key generation, but I think the 32-byte length and binary checks should be enough.
Here's my post on it. Let me know if you have any feedback.