Changed default secret bits from 80 to 160 as recommended by RFC4226

Mattie112 · web-flow · commit d996779182fb · 2023-11-17T13:53:13.000+01:00
https://www.ietf.org/rfc/rfc4226.txt (and TOTP refers to RFC4226, see https://www.ietf.org/rfc/rfc6238.txt)
diff --git a/lib/TwoFactorAuth.php b/lib/TwoFactorAuth.php
@@ -51,7 +51,7 @@ public function __construct(
     /**
      * Create a new secret
      */
-    public function createSecret(int $bits = 80, bool $requirecryptosecure = true): string
+    public function createSecret(int $bits = 160, bool $requirecryptosecure = true): string
     {
         $secret = '';
         $bytes = (int)ceil($bits / 5);   // We use 5 bits of each byte (since we have a 32-character 'alphabet' / BASE32)

Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ public function __construct(`
`51`	`51`	`/**`
`52`	`52`	`* Create a new secret`
`53`	`53`	`*/`
`54`		`- public function createSecret(int $bits = 80, bool $requirecryptosecure = true): string`
	`54`	`+ public function createSecret(int $bits = 160, bool $requirecryptosecure = true): string`
`55`	`55`	`{`
`56`	`56`	`$secret = '';`
`57`	`57`	`$bytes = (int)ceil($bits / 5); // We use 5 bits of each byte (since we have a 32-character 'alphabet' / BASE32)`