diff options
author | Nathaniel McCallum <npmccallum@redhat.com> | 2014-03-03 11:09:26 -0500 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-03-05 10:09:16 +0100 |
commit | 0ca6653c299c75f5215cc37c6b129ce58a85e8df (patch) | |
tree | 5e35078f5c66b1cf11652ba874a9a0d7a65673ee /ipalib/plugins | |
parent | 21ff4f920e4ff7c1e2870024f007f067fc3cf6c8 (diff) | |
download | freeipa-0ca6653c299c75f5215cc37c6b129ce58a85e8df.tar.gz freeipa-0ca6653c299c75f5215cc37c6b129ce58a85e8df.tar.xz freeipa-0ca6653c299c75f5215cc37c6b129ce58a85e8df.zip |
Fix token secret length RFC compliance
RFC 4226 states the following in section 4:
R6 - The algorithm MUST use a strong shared secret. The length of
the shared secret MUST be at least 128 bits. This document
RECOMMENDs a shared secret length of 160 bits.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipalib/plugins')
-rw-r--r-- | ipalib/plugins/otptoken.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ipalib/plugins/otptoken.py b/ipalib/plugins/otptoken.py index 92853dec3..91525398d 100644 --- a/ipalib/plugins/otptoken.py +++ b/ipalib/plugins/otptoken.py @@ -59,7 +59,7 @@ TOKEN_TYPES = { } # NOTE: For maximum compatibility, KEY_LENGTH % 5 == 0 -KEY_LENGTH = 10 +KEY_LENGTH = 20 class OTPTokenKey(Bytes): """A binary password type specified in base32.""" |