Generate a 32 character long totp secret

This provides 160bit length instead of the previous 80, as recommended by the rfc4226 (hotp), which is the basis for rfc6238 (totp). 128 bit is required by the rfc, and e.g. FreeOTP complains with an 80bit secret.
2025-02-25 12:53:26 +01:00 · 2025-02-25 12:53:26 +01:00 · f3a19e0a43
commit f3a19e0a43
parent 12787ff4c2
1 changed files with 4 additions and 1 deletions
--- a/plugins/kolab_2fa/lib/Kolab2FA/Driver/Base.php
+++ b/plugins/kolab_2fa/lib/Kolab2FA/Driver/Base.php
@ -182,8 +182,11 @@ abstract class Base

    /**
     * Generate a random secret string
+     *
+     * A default of 32 characters results in 160bit security which is recommended by
+     * https://datatracker.ietf.org/doc/html/rfc6238
     */
-    public function generate_secret($length = 16)
+    public function generate_secret($length = 32)
    {
        // Base32 characters
        $chars = [