Merge pull request #117 from Mattie112/patch-1

RobThree · web-flow · commit dfc1124f9650 · 2024-04-17T20:46:47.000+02:00
Changed default secret length from 80bits to 160bits as recommended by RFC4226
diff --git a/lib/TwoFactorAuth.php b/lib/TwoFactorAuth.php
@@ -52,7 +52,7 @@ public function __construct(
     /**
      * Create a new secret
      */
-    public function createSecret(int $bits = 80): string
+    public function createSecret(int $bits = 160): string
     {
         $secret = '';
         $bytes = (int)ceil($bits / 5);   // We use 5 bits of each byte (since we have a 32-character 'alphabet' / BASE32)

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ public function __construct(`
`52`	`52`	`/**`
`53`	`53`	`* Create a new secret`
`54`	`54`	`*/`
`55`		`- public function createSecret(int $bits = 80): string`
	`55`	`+ public function createSecret(int $bits = 160): string`
`56`	`56`	`{`
`57`	`57`	`$secret = '';`
`58`	`58`	`$bytes = (int)ceil($bits / 5); // We use 5 bits of each byte (since we have a 32-character 'alphabet' / BASE32)`