Is it safe to change the 'Security.salt' line to a more lengthy string {64 hex key}

Question

Hi everyone,

I have changed the

Configure::write('Security.salt', '############');

value in the file

config/core.php

file to a '256-bit hex key'. Is it safe or a good practice to change these lines for every different installation of cakephp application or shall I revert back to the original ?

I also changed the

Configure::write('Security.cipherSeed','7927237598237592759727');

to a different one of more length.

Please throw some light on this.

Thanks

Answer 1

It is absolutely necessary that you change the salt values. When you do a clean install of CakePHP the default home page will give a warning if you have not changed the salt value.

On the salt length, see this discussion: http://stackoverflow.com/questions/184112/what-is-the-optimal-length-for-user-password-salt