From f3a19e0a43671b434c7605bb49b1690af8cf6bdc Mon Sep 17 00:00:00 2001
From: Christian Mollekopf
Date: Tue, 25 Feb 2025 12:53:26 +0100
Subject: [PATCH] Generate a 32 character long totp secret

This provides 160bit length instead of the previous 80, as recommended by the rfc4226 (hotp), which is the basis for rfc6238 (totp). 128 bit is required by the rfc, and e.g. FreeOTP complains with an 80bit secret.
---
 plugins/kolab_2fa/lib/Kolab2FA/Driver/Base.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/plugins/kolab_2fa/lib/Kolab2FA/Driver/Base.php b/plugins/kolab_2fa/lib/Kolab2FA/Driver/Base.php
index 273dc170..53b4a34a 100644
--- a/plugins/kolab_2fa/lib/Kolab2FA/Driver/Base.php
+++ b/plugins/kolab_2fa/lib/Kolab2FA/Driver/Base.php
@@ -182,8 +182,11 @@ abstract class Base
 
 /**
 * Generate a random secret string
+ *
+ * A default of 32 characters results in 160bit security which is recommended by
+ * https://datatracker.ietf.org/doc/html/rfc6238
 */
- public function generate_secret($length = 16)
+ public function generate_secret($length = 32)
 {
 // Base32 characters
 $chars = [
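Review bot: The new docblock on `generate_secret()` attributes the 160-bit recommendation to RFC 6238, while the commit message places it in RFC 4226 (128 bits required, 160 recommended; requirement R6 in section 4), so the comment should cite that document and state the arithmetic, e.g. `* @param int $length Number of Base32 characters, 5 bits each; 32 gives a 160-bit secret, fewer than 26 falls below the 128-bit minimum of RFC 4226 (R6)`. Only the default changes here: a caller that still passes an explicit `16` keeps producing 80-bit secrets, and secrets that are already enrolled are not regenerated, so the call sites are worth checking and the function could reject lengths below the minimum. The function body continues past the end of the hunk, so the random source is not visible; the 160-bit figure holds only if each character is drawn from a CSPRNG such as `random_int()`.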