Is it safe to change the 'Security.salt' line to a more lengthy string {64 hex key}

Question

I have changed the

Configure::write('Security.salt', '############');

value in the file

config/core.php

file to a '256-bit hex key'. Is it safe or a good practice to change these lines for every different installation of cakephp application or shall I revert back to the original ?

I also changed the

Configure::write('Security.cipherSeed','7927237598237592759727');

to a different one of more length.

Please throw some light on this.

Thanks

score 3 · Accepted Answer · edited May 23 '17 at 12:13

3

It is absolutely necessary that you change the salt values. When you do a clean install of CakePHP the default home page will give a warning if you have not changed the salt value.

On the salt length, see this discussion: What is the optimal length for user password salt?

edited May 23 '17 at 12:13

Community

1
1

answered May 13 '10 at 07:55

nduplessis

11,882
2
34
53

Is it safe to change the 'Security.salt' line to a more lengthy string {64 hex key}

1 Answers1