RFC 4226 states the following in section 4:
R6 - The algorithm MUST use a strong shared secret. The length of
the shared secret MUST be at least 128 bits. This document
RECOMMENDs a shared secret length of 160 bits.
From d75ea4ffded9e6f9e60702bf481dd7b9e5d201ac Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <[email protected]>
Date: Mon, 3 Mar 2014 11:09:26 -0500
Subject: [PATCH] Fix token secret length RFC compliance
RFC 4226 states the following in section 4:
R6 - The algorithm MUST use a strong shared secret. The length of
the shared secret MUST be at least 128 bits. This document
RECOMMENDs a shared secret length of 160 bits.
---
ipalib/plugins/otptoken.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipalib/plugins/otptoken.py b/ipalib/plugins/otptoken.py
index 92853dec3048fd98f98f4113ef8b5874f2500919..91525398d6b7fd1fc355a7a018a6f96bef109979 100644
--- a/ipalib/plugins/otptoken.py
+++ b/ipalib/plugins/otptoken.py
@@ -59,7 +59,7 @@ TOKEN_TYPES = {
}
# NOTE: For maximum compatibility, KEY_LENGTH % 5 == 0
-KEY_LENGTH = 10
+KEY_LENGTH = 20
class OTPTokenKey(Bytes):
"""A binary password type specified in base32."""
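Review bot: The unit of KEY_LENGTH is left implicit at the changed line, so `KEY_LENGTH = 20` cannot be checked against the 128-bit minimum quoted in the commit message without guessing. Assuming the value is in bytes (which the base32-oriented `KEY_LENGTH % 5 == 0` note suggests), 20 gives 160 bits, the length R6 recommends, and the modulo note still holds; please say so in a comment beside the constant, with a reference to RFC 4226 section 4, R6. The hunk only changes the constant: it does not show whether OTPTokenKey rejects a caller-supplied key shorter than 16 bytes, or what happens to tokens already created with the old 10-byte length, so both are worth confirming or documenting in the commit message.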
--
1.8.5.3