
Kratos cookie secret length requirement unclear #2333

@Kakadus

Description


Preflight checklist

Ory Network Project

No response

Describe the bug

From the docs:

  1. Secrets must be 32-character-long strings
  2. These secrets must have high entropy (>= 256 bit)

So let's play the password game!
Assuming 1 character = 1 byte, this suggests yaml-escaping 32 raw bytes. More than 256 bit entropy would be impossible, unless unicode characters are allowed, but I've never seen emojis in (cookie) secrets.

To make it more sane, I'd expect kratos to hash the passed value before usage, regardless of the length of the value to extract full entropy, and exactly that seems to be done: https://github.com/ory/kratos/blob/50f1b8f0df8636cea94d1100c1dc68dd8f6bdfc5/driver/registry_default.go#L530-L534

IMHO, the documentation should be updated to remove the secret length requirement.

Reproducing the bug

Open https://www.ory.com/docs/kratos/guides/select-cipher-algorithm#xchacha20-poly1305 and https://www.ory.com/docs/kratos/guides/secret-key-rotation and follow the guide rigorously.

Relevant log output

The bug is in the documentation.

Relevant configuration

The bug is in the documentation.

Version

The bug is in the documentation.

On which operating system are you observing this issue?

None

In which environment are you deploying?

None

Additional Context

No response
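To make the entropy arithmetic behind the report concrete, here is an added example (not from the issue, and not Kratos's own code) that computes how many bits a 32-character secret carries depending on the alphabet it is drawn from, and derives a fixed 32-byte key from a secret of any length. Treating the hashing step the reporter links to as a plain SHA-256 of the configured value is an assumption of this example, as are the function names.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math"
)

// bitsOfEntropy returns the entropy, in bits, of a secret of n characters
// each drawn uniformly from an alphabet of alphabetSize symbols.
func bitsOfEntropy(n, alphabetSize int) float64 {
	return float64(n) * math.Log2(float64(alphabetSize))
}

// meetsDocRequirement checks the documented ">= 256 bit" entropy target.
func meetsDocRequirement(n, alphabetSize int) bool {
	return bitsOfEntropy(n, alphabetSize) >= 256
}

// deriveKey maps a configured secret of any length onto a 32-byte key by
// hashing it. Assumption: this mirrors the hashing step the reporter links to.
func deriveKey(secret string) [32]byte {
	return sha256.Sum256([]byte(secret))
}

// newRawSecret draws n random bytes and hex-encodes them so the value can
// be pasted into YAML without escaping; each hex character carries 4 bits.
func newRawSecret(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

func main() {
	alphabets := []struct {
		name string
		size int
	}{{"hex", 16}, {"base64", 64}, {"printable ASCII", 95}, {"raw bytes", 256}}
	for _, a := range alphabets {
		fmt.Printf("32 chars of %-15s -> %5.1f bits (>=256: %v)\n",
			a.name, bitsOfEntropy(32, a.size), meetsDocRequirement(32, a.size))
	}
	s, _ := newRawSecret(32) // 64 hex characters, 256 bits of entropy
	fmt.Printf("derived key from %d-char secret: %x\n", len(s), deriveKey(s))
}
```

Only the "raw bytes" row reaches 256 bits at 32 characters; a hex- or base64-encoded secret needs 64 or 43 characters respectively, which is why hashing the value rather than fixing its length is the sensible contract.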

Labels

bug: Something is not working.