Increase 2FA key size

tvlooy · tvlooy · commit c69993231fa9 · 2025-09-10T13:36:05.000+02:00
When scanning the 2FA codes with FreeOTP it reports that the tokens contain insecure cryptographic parameters. The key is too short. Google authenicator standard is 32 characters.
diff --git a/plugins/TwoFactorAuth/Dao/TwoFaSecretRandomGenerator.php b/plugins/TwoFactorAuth/Dao/TwoFaSecretRandomGenerator.php
@@ -16,6 +16,6 @@ class TwoFaSecretRandomGenerator
     public function generateSecret()
     {
         $authenticator = new \TwoFactorAuthenticator();
-        return $authenticator->createSecret(16);
+        return $authenticator->createSecret(32);
     }
 }
diff --git a/plugins/TwoFactorAuth/tests/Integration/Dao/TwoFaSecretRandomGeneratorTest.php b/plugins/TwoFactorAuth/tests/Integration/Dao/TwoFaSecretRandomGeneratorTest.php
@@ -33,7 +33,7 @@ public function setUp(): void
 
     public function testGeneratorCodeLength()
     {
-        $this->assertSame(16, mb_strlen($this->generator->generateSecret()));
+        $this->assertSame(32, mb_strlen($this->generator->generateSecret()));
     }
 
     public function testGeneratorCodeAlwaysDifferent()
diff --git a/plugins/TwoFactorAuth/tests/Integration/TwoFactorAuthenticationTest.php b/plugins/TwoFactorAuth/tests/Integration/TwoFactorAuthenticationTest.php
@@ -56,7 +56,7 @@ public function setUp(): void
 
     public function testGenerateSecret()
     {
-        $this->assertSame(16, mb_strlen($this->twoFa->generateSecret()));
+        $this->assertSame(32, mb_strlen($this->twoFa->generateSecret()));
     }
 
     public function testIsUserRequiredToHaveTwoFactorEnabledNotByDefault()

Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,6 @@ class TwoFaSecretRandomGenerator`
`16`	`16`	`public function generateSecret()`
`17`	`17`	`{`
`18`	`18`	`$authenticator = new \TwoFactorAuthenticator();`
`19`		`- return $authenticator->createSecret(16);`
	`19`	`+ return $authenticator->createSecret(32);`
`20`	`20`	`}`
`21`	`21`	`}`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ public function setUp(): void`
`33`	`33`
`34`	`34`	`public function testGeneratorCodeLength()`
`35`	`35`	`{`
`36`		`- $this->assertSame(16, mb_strlen($this->generator->generateSecret()));`
	`36`	`+ $this->assertSame(32, mb_strlen($this->generator->generateSecret()));`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`public function testGeneratorCodeAlwaysDifferent()`
Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ public function setUp(): void`
`56`	`56`
`57`	`57`	`public function testGenerateSecret()`
`58`	`58`	`{`
`59`		`- $this->assertSame(16, mb_strlen($this->twoFa->generateSecret()));`
	`59`	`+ $this->assertSame(32, mb_strlen($this->twoFa->generateSecret()));`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`public function testIsUserRequiredToHaveTwoFactorEnabledNotByDefault()`