Why must secret's length > 32?

I work with developer of go,but when I create jwt token,the java is error ,but i don't find this requirement in any way,can u show me? protected MACProvider(final byte[] secret, final Set<JWSAlgorithm> supportedAlgs) throws KeyLengthException {

    super(supportedAlgs);

    if (secret.length < 256 / 8) {
        throw new KeyLengthException("The secret length must be at least 256 bits");
    }

    this.secret = secret;
}

Comments (1)