From e4f5c2313d328d8d2a6f45da2f49f03b7e721cce Mon Sep 17 00:00:00 2001
From: Firstyear
Date: Mon, 30 Sep 2024 17:45:43 +1000
Subject: [PATCH] Increase totp secret size (#3061)
---
 server/lib/src/credential/totp.rs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/server/lib/src/credential/totp.rs b/server/lib/src/credential/totp.rs
index 04a822d6f..e39cf2c5b 100644
--- a/server/lib/src/credential/totp.rs
+++ b/server/lib/src/credential/totp.rs
@@ -10,8 +10,9 @@ use rand::prelude::*;
 use crate::be::dbvalue::{DbTotpAlgoV1, DbTotpV1};
 use crate::repl::proto::{ReplTotpAlgoV1, ReplTotpV1};
-// This is 64 bits of entropy, as the examples in https://tools.ietf.org/html/rfc6238 show.
-const SECRET_SIZE_BYTES: usize = 8;
+// Update to match advice that totp hmac key should be the same
+// number of bytes as the output.
+const SECRET_SIZE_BYTES: usize = 32;
 pub const TOTP_DEFAULT_STEP: u64 = 30;
 #[derive(Debug, PartialEq, Eq)]
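Review bot: The new comment on `SECRET_SIZE_BYTES` describes the edit ("Update to match advice") instead of the invariant, and it drops the RFC reference without saying which HMAC output the 32 bytes are meant to match. A comment such as `// 256-bit secret: RFC 6238 advises an HMAC key as long as the hash output; 32 bytes matches SHA-256.` would keep the rationale auditable. If the algorithm enum handled in this file (`DbTotpAlgoV1` is imported) also covers SHA-512, 32 bytes is half that output, so either say that the size is a deliberate fixed choice or derive it from the algorithm. The code that uses the constant is outside the hunk; presumably it only sizes newly generated secrets, in which case credentials enrolled with the previous 8-byte secret (below the 128-bit minimum in RFC 4226) keep that strength until re-enrolled, which is worth a release note for operators.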