Use a constant for the bytelength of the secret in TOTP
authorTim Düsterhus <duesterhus@woltlab.com>
Thu, 26 Nov 2020 15:23:54 +0000 (16:23 +0100)
committerTim Düsterhus <duesterhus@woltlab.com>
Thu, 26 Nov 2020 15:23:54 +0000 (16:23 +0100)
wcfsetup/install/files/lib/system/user/multifactor/totp/Totp.class.php

index 8cf1cc08d65635b5ee1b4db1c7acf50e6267797b..9a56007e93f7cbc86abb2e3050b2971dc0911da6 100644 (file)
@@ -28,6 +28,11 @@ final class Totp {
         */
        private const LEEWAY = 2;
        
+       /**
+        * The amount of randomness to use within the secret.
+        */
+       private const SECRET_BYTES = 16;
+       
        /**
         * @var string
         */
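Review bot: The docblock added for `SECRET_BYTES` states neither the unit nor why the value is 16, so nothing tells a later editor that this number is a security floor rather than a tunable. 16 bytes is 128 bits, which is the minimum shared-secret length RFC 4226 requires; the RFC recommends 160 bits, i.e. 20 bytes. I would word the comment as `Length of the shared secret in bytes. 16 bytes = 128 bits, the minimum RFC 4226 permits (160 bits recommended); do not lower.` Whether raising the value would affect only newly generated secrets cannot be confirmed from this hunk, because the class body continues outside it.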
@@ -41,7 +46,7 @@ final class Totp {
         * Returns a random secret.
         */
        public static function generateSecret(): string {
-               return \random_bytes(16);
+               return \random_bytes(self::SECRET_BYTES);
        }
        
        /**