https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28786
--- Comment #61 from Marcel de Rooy <[email protected]> --- -my $secret = Koha::AuthUtils::generate_salt( 'weak', 16 ); -my $auth = Koha::Auth::TwoFactorAuth->new( - { patron => $patron, secret => $secret } ); +my $auth = Koha::Auth::TwoFactorAuth->new({ patron => $patron }); my $secret32 = $auth->generate_secret32; my $ok = $auth->verify($pin_code, 1, $secret32); Actually, this is not what I meant. You let the weak randomizer of Auth::GoogleAuth create a secret by calling generate_secret32. I had in mind to just remove that call. In the assumption that we pass our own secret (hopefully better) from generate_salt? -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
