Skip to content

Phpmyadmin Blowfish Secret

DodaTech 1 min read

In this tutorial, you'll learn about How to Fix phpMyAdmin Blowfish Secret Error. We cover key concepts, practical examples, and best practices.

The Problem

phpMyAdmin shows a warning:

The configuration file now needs a secret passphrase (blowfish_secret).

Quick Fix

Step 1: Generate a blowfish secret

# Generate a random 32-character string:
openssl rand -base64 32
# Or:
echo -n "secret-" && cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1

Step 2: Add the secret to config.inc.php

Edit /usr/share/phpmyadmin/config.inc.php:

$cfg['blowfish_secret'] = 'aB3dE5fGhIjKlMnOpQrStUvWxYz123456';  // 32+ chars

Step 3: Verify the configuration

# Check for syntax errors:
php -l /usr/share/phpmyadmin/config.inc.php

Step 4: Set separate secrets for multiple servers

$cfg['blowfish_secret'] = 'first-server-secret-here-12345678';
$cfg['Servers'][$i]['blowfish_secret'] = 'second-server-secret-here-12345';

Step 5: Clear cache and cookies

# Clear phpMyAdmin cache:
rm -rf /var/lib/phpmyadmin/tmp/*

Also clear browser cookies for the phpMyAdmin domain.

Step 6: Set proper file permissions

chmod 644 /usr/share/phpmyadmin/config.inc.php
chown root:www-data /usr/share/phpmyadmin/config.inc.php

Prevention

  • Generate a unique blowfish secret during phpMyAdmin installation.
  • Keep the secret in a secure location (not in version control).
  • Change the secret if you suspect a security breach.

Common Mistakes with blowfish secret

  1. Forgetting deriving (Show, Eq) on custom data types needed for debugging
  2. Placing the wildcard pattern first in case expressions, making all subsequent patterns unreachable
  3. Using head and tail instead of pattern matching, causing runtime errors on empty lists

These mistakes appear frequently in real-world PHPMYADMIN code. DodaTech's contributors have identified these patterns through analysis of open-source projects and production systems.

Practice Exercise

Write a pure function that safely divides two integers using Maybe, then test it with edge cases like division by zero and negative numbers.

This exercise reinforces the concepts covered in this guide. Try implementing it before checking online solutions.

FAQ

### What is the blowfish secret used for?

The blowfish secret is used by phpMyAdmin's cookie-based authentication to encrypt user session data. Without it, cookies are not secure.

Is the blowfish secret the same as the MySQL password?

No. The blowfish secret is for cookie encryption, not database authentication. It can be any random string of 32+ characters.

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro