Re: What should I use as my Munkchin API private key?

Anonymous · ‎11-07-2016

Hey all,

Looking at existing posts, I am able to create my own private key value. Are there best practices on what this should be (should I use numbers and characters)? Or can it be something as simple as "CompanyNameAPI"?

SanfordWhiteman · ‎11-07-2016

There's an exact answer to this: if you abide by the common NIST recommendation (as a US-based company, this is a good idea) it should contain a minimum of 112 bits of entropy as it will be used as a SHA-1 key.

If you confine yourself to case-insensitive hex characters (0–9, A-F) 112 bits = 28 random characters.

If you use the wider (a-z, A-Z, 0–9) range then you need 22 characters. And so on.

You should use an online random key generator to gen the key. Don't try to hand-enter it if you want real randomness (the key won't be hand-entered later so it is easily machine-generated).

View solution in original post

Jim_Thao7 · ‎11-07-2016

Best Practice: Use something that nobody else can figure out easily <--- Good Luck

This principal should/can be used to generate any type of key, such as passwords.

SanfordWhiteman · ‎11-07-2016

There's an exact answer to this: if you abide by the common NIST recommendation (as a US-based company, this is a good idea) it should contain a minimum of 112 bits of entropy as it will be used as a SHA-1 key.

If you confine yourself to case-insensitive hex characters (0–9, A-F) 112 bits = 28 random characters.

If you use the wider (a-z, A-Z, 0–9) range then you need 22 characters. And so on.

You should use an online random key generator to gen the key. Don't try to hand-enter it if you want real randomness (the key won't be hand-entered later so it is easily machine-generated).

Anonymous · ‎11-08-2016

awesome thank you so much Sanford!

Gaurav · ‎02-10-2021

Is there any recommended key generator for this?

SanfordWhiteman · ‎02-10-2021

No, but see my update on your other thread as it's not necessary at all anymore.