django-rest-knox
What is the purpose of TOKEN_KEY_LENGTH being set to 8 chars?
The key generated is 64 chars long, but we only store the first 8 in the db, and the constants file says not to change it.
https://github.com/James1345/django-rest-knox/blob/develop/knox/models.py#L21 https://github.com/James1345/django-rest-knox/blob/develop/knox/settings.py#L43
Why is that? Isn't 8 chars incredibly short? Why must they never be changed at runtime, as the note says in the constants file? Hypothetically, if I wanted to change that, how would I safely change it to, say, 32 chars?
I believe the reason is that anything higher than 8 is sort of useless. So that would be 2,821,109,907,400 possible tokens. So obviously you really don't have a need to have more devices than that. The way you get this is through a permutation in discrete math: 36 objects at 8 samples. Though, to your question, SHA-256 is a massive number and we use that as well, so if you have no expectation for a token it might be ideal to make it larger, but still not necessary.
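An added example, not part of the original thread and not knox's own code: a sketch of the stored-prefix-plus-digest pattern the question describes, showing what the 8-character prefix does and does not decide, and what happens to existing rows if the prefix length changes. It assumes a 64-character hex token, a SHA-256 digest of the full token, and that the prefix is used only to narrow the lookup; `TokenStore`, `issue`, `authenticate` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import secrets

TOKEN_KEY_LENGTH = 8  # prefix length stored in clear, as in the question


class TokenStore:
    """Hypothetical in-memory stand-in for the token table (not knox's model)."""

    def __init__(self):
        self.rows = []  # each row: (token_key, digest)

    def issue(self, token=None):
        # Assumption: 64-char hex token; only its prefix and digest are stored.
        token = token or secrets.token_hex(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.rows.append((token[:TOKEN_KEY_LENGTH], digest))
        return token

    def authenticate(self, token, key_length=TOKEN_KEY_LENGTH):
        # The prefix only narrows the candidate rows; it proves nothing itself.
        candidates = [r for r in self.rows if r[0] == token[:key_length]]
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Constant-time comparison of the full digest decides authentication.
        return any(hmac.compare_digest(digest, r[1]) for r in candidates)


def demo():
    store = TokenStore()
    # Constructed tokens that deliberately share the same 8-character prefix.
    a = store.issue("deadbeef" + "a" * 56)
    b = store.issue("deadbeef" + "b" * 56)
    forged = "deadbeef" + "c" * 56  # right prefix, wrong remainder
    return {
        "a": store.authenticate(a),
        "b": store.authenticate(b),
        "forged": store.authenticate(forged),
        "prefix_only": store.authenticate("deadbeef"),
        # Rows were written with 8-char prefixes, so a 32-char lookup finds none.
        "a_after_length_change": store.authenticate(a, key_length=32),
    }


if __name__ == "__main__":
    print(demo())
```

Under these assumptions, changing the prefix length safely means rewriting or reissuing every stored row, since the full token is not stored and longer prefixes cannot be recomputed from the digest.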