From: Tim Düsterhus
Date: Thu, 26 Nov 2020 15:23:54 +0000 (+0100)
Subject: Use a constant for the bytelength of the secret in TOTP
X-Git-Tag: 5.4.0_Alpha_1~555^2~16
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=5ebc1f6685d63511002a1c1801a7e35e845b323b;p=GitHub%2FWoltLab%2FWCF.git

Use a constant for the bytelength of the secret in TOTP
---

diff --git a/wcfsetup/install/files/lib/system/user/multifactor/totp/Totp.class.php b/wcfsetup/install/files/lib/system/user/multifactor/totp/Totp.class.php
index 8cf1cc08d6..9a56007e93 100644
--- a/wcfsetup/install/files/lib/system/user/multifactor/totp/Totp.class.php
+++ b/wcfsetup/install/files/lib/system/user/multifactor/totp/Totp.class.php
@@ -28,6 +28,11 @@ final class Totp {
 */
 private const LEEWAY = 2;
 
+ /**
+ * The amount of randomness to use within the secret.
+ */
+ private const SECRET_BYTES = 16;
+
 /**
 * @var string
 */
@@ -41,7 +46,7 @@ final class Totp {
 * Returns a random secret.
 */
 public static function generateSecret(): string {
- return \random_bytes(16);
+ return \random_bytes(self::SECRET_BYTES);
 }
 
 /**
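Review bot: The docblock on `SECRET_BYTES` in the first hunk gives neither the unit nor the reason for 16, and that matters here because 16 bytes is 128 bits, exactly the minimum shared-secret length RFC 4226 requires and below the 160 bits it recommends. I would word it as `* The length of the generated secret in bytes (128 bits, the RFC 4226 minimum; 160 bits is recommended).` so that nobody lowers the value later without noticing it is a floor. Secrets that are already enrolled presumably keep their original length if the constant changes, so verification should not depend on this constant; that code is outside the hunk and is worth confirming.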
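Review bot: The docblock of `generateSecret()` in the second hunk still says only "Returns a random secret." and does not tell callers that the value is a raw binary string from `\random_bytes()`, not a Base32 string. I would change that line to `* Returns a random secret as a raw binary string of self::SECRET_BYTES bytes.` so that callers know to encode it before placing it in a provisioning URI or any text field. The docblock opens above the hunk; the method body itself is fully visible.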