What is a blowfish secret in phpMyAdmin?

Question

About setting up the config.inc.php, the official phpMyAdmin docs says

$cfg['blowfish_secret'] = 'theExampleWrites16ValuesHere';  // use here a value of your choice

What is a blowfish secret? How do I generate, or choose, a value?

Answer 1

Simply use any random string of characters and/or numbers that you like. It is a value that will be unique to your instance and use of phpMyAdmin.

Answer 2

Go to phpMyadmin Directory and open the config file >> /phpMyadmin/config.inc.php

Locate >> $cfg['blowfish_secret'] = ''; / YOU MUST FILL IN THIS FOR COOKIE AUTH! /

Enter a string which should be not less than 32 characters. {You can include Number, Characters&SpecialCharacters} Save and reload the page (//yourdomainname.*/phpmyadmin) and log in again. That should fix the error.

Ref: https://wiki.archlinux.org/index.php/PhpMyAdmin#Add_blowfish_secret_passphrase

Thanks and Regards

Answer 3

go to /var/lib/phpmyadmin/blowfish_secret.inc.php and add some caracters to be 32 in length like this:

$cfg['blow_secret'] = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

save file and refresh phpMyAdmin.

Answer 4

If you have PHP available, you can add this to a shell script to build out the phpMyAdmin installation:

export SECRET=`php -r 'echo base64_encode(random_bytes(24));'`
echo "\$cfg['blowfish_secret'] = '$SECRET';" \
    >> /path/to/phpmyadmin/config.inc.php

Answer 5

The doc describes what blowfish secret is in phpMyAdmin,

The “cookie” auth_type uses AES algorithm to encrypt the password. If you are using the “cookie” auth_type, enter here a random passphrase of your choice. It will be used internally by the AES algorithm: you won’t be prompted for this passphrase.

The secret should be 32 characters long. Using shorter will lead to weaker security of encrypted cookies, using longer will cause no harm.

So you can use any 32 or longer chain of characters for this purpose. Even though the doc says a longer key wouldn't cause any harm, it apparently expects a key exactly 32 chars long.

You can use,

$ openssl rand -base64 22 

or any other random string generator to generate random 32 chars long key. And use it as the value as in the following example,

$cfg['blow_secret'] = '7yRxkscr/SB4Sb729H7HdnbNqZxJOQ==';

Answer 6

in /usr/share/phpmyadmin/libraries/vendor_config.php the config dir variable might either be empty or missing the trailing slash, change it into:

define('CONFIG_DIR', '/etc/phpmyadmin/'); 

The permission to this temporary directory needs to be set correctly in /usr/share/phpmyadmin/libraries/vendor_config.php. It solved it for me. define('TEMP_DIR', '/var/lib/phpmyadmin/tmp/');

Also if you are missing the Users tab in PhpMyAdmin, it is caused because of insufficient rights. Run GRANT ALL PRIVILEGES ON *.* TO 'myuser'@'%' WITH GRANT OPTION; from the mysql console (your your own administrative username) while logged in with root privileges.

Answer 7

HELP TO USERS WHICH FILESYSTEM DO NOT SET FILE PERMISSIONS.

The file /config.inc.php must be set with chmod 755 in order to be accepted. Unfortunatelly, some disks and mounted filesystems will not accept chmod, so this file must remain as a "sample" /config.sample.inc.php.

You have a workaround to set all the configs in /libraries/config.default.php They say you should not edit the file, but in my case was the unique option.