From 5ebc1f6685d63511002a1c1801a7e35e845b323b Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Thu, 26 Nov 2020 16:23:54 +0100
Subject: [PATCH] Use a constant for the bytelength of the secret in TOTP

---
 .../files/lib/system/user/multifactor/totp/Totp.class.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/lib/system/user/multifactor/totp/Totp.class.php b/wcfsetup/install/files/lib/system/user/multifactor/totp/Totp.class.php
index 8cf1cc08d6..9a56007e93 100644
--- a/wcfsetup/install/files/lib/system/user/multifactor/totp/Totp.class.php
+++ b/wcfsetup/install/files/lib/system/user/multifactor/totp/Totp.class.php
@@ -28,6 +28,11 @@ final class Totp {
 */
 private const LEEWAY = 2;

+ /**
+ * The amount of randomness to use within the secret.
+ */
+ private const SECRET_BYTES = 16;
+
 /**
 * @var string
 */
@@ -41,7 +46,7 @@ final class Totp {
 * Returns a random secret.
 */
 public static function generateSecret(): string {
- return \random_bytes(16);
+ return \random_bytes(self::SECRET_BYTES);
 }

 /**
-- 
2.20.1
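Review bot: The docblock on `SECRET_BYTES` in the first hunk states neither the unit nor why 16 was chosen, so nothing tells a later editor that this value is a security floor. RFC 4226, from which TOTP takes its key requirements, requires a shared secret of at least 128 bits and recommends 160 bits, so 16 bytes sits exactly at the minimum. I would word the comment as `Length of the shared secret in bytes. 16 bytes = 128 bits, the minimum RFC 4226 requires (160 bits is recommended).` If the value is raised later, secrets enrolled earlier keep the old length, so code outside this hunk should not assume every stored secret is `SECRET_BYTES` long; whether any does is not visible here.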
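Review bot: The docblock of `generateSecret()` in the second hunk still reads only `Returns a random secret.`, which leaves the encoding of the return value unstated. `\random_bytes()` returns a raw binary string, so the result is not printable and is not the Base32 form that authenticator apps and `otpauth://` URIs expect. I would document it as `Returns a random secret of self::SECRET_BYTES raw bytes (binary, not Base32-encoded).` so callers know to encode it before display and to store it in a binary-safe field. The docblock opens above the first line of the hunk, so only its tail is visible here.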