Merge pull request #117 from Mattie112/patch-1

Changed default secret length from 80bits to 160bits as recommended by RFC4226
RobThree · Apr 17, 2024 · dfc1124 · dfc1124
2 parents b909cb3 + d4a5026
commit dfc1124
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/TwoFactorAuth.php b/lib/TwoFactorAuth.php
@@ -52,7 +52,7 @@ public function __construct(
     /**
      * Create a new secret
      */
-    public function createSecret(int $bits = 80): string
+    public function createSecret(int $bits = 160): string
     {
         $secret = '';
         $bytes = (int)ceil($bits / 5);   // We use 5 bits of each byte (since we have a 32-character 'alphabet' / BASE32)