RFC 4226 states the following in section 4: R6 - The algorithm MUST use a strong shared secret. The length of the shared secret MUST be at least 128 bits. This document RECOMMENDs a shared secret length of 160 bits.
>From d75ea4ffded9e6f9e60702bf481dd7b9e5d201ac Mon Sep 17 00:00:00 2001 From: Nathaniel McCallum <npmccal...@redhat.com> Date: Mon, 3 Mar 2014 11:09:26 -0500 Subject: [PATCH] Fix token secret length RFC compliance
RFC 4226 states the following in section 4: R6 - The algorithm MUST use a strong shared secret. The length of the shared secret MUST be at least 128 bits. This document RECOMMENDs a shared secret length of 160 bits. --- ipalib/plugins/otptoken.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipalib/plugins/otptoken.py b/ipalib/plugins/otptoken.py index 92853dec3048fd98f98f4113ef8b5874f2500919..91525398d6b7fd1fc355a7a018a6f96bef109979 100644 --- a/ipalib/plugins/otptoken.py +++ b/ipalib/plugins/otptoken.py @@ -59,7 +59,7 @@ TOKEN_TYPES = { } # NOTE: For maximum compatibility, KEY_LENGTH % 5 == 0 -KEY_LENGTH = 10 +KEY_LENGTH = 20 class OTPTokenKey(Bytes): """A binary password type specified in base32.""" -- 1.8.5.3
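Review bot: The comment above `KEY_LENGTH = 20` in ipalib/plugins/otptoken.py still records only the base32 constraint (`KEY_LENGTH % 5 == 0`) and says nothing about the unit or the RFC 4226 R6 floor that motivates this change. Consider extending it to state that the value is in bytes (as the commit message implies, 20 bytes being the 160 bits R6 recommends) and that it must not go below 128 bits, so a later edit cannot silently reintroduce a short default. Since 16 is not a multiple of 5, 20 is also the smallest value that satisfies both the existing note and the RFC minimum, which is worth saying in the comment. The hunk changes only the constant; if `KEY_LENGTH` is used just as the length of generated keys, it is worth confirming separately whether keys supplied through `OTPTokenKey` are checked against the same minimum, and how tokens already issued with the old length are treated.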
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel