From ab2eaf607dd3746dd239595315dbaaebade06320 Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <npmccallum@redhat.com>
Date: Thu, 22 Feb 2018 14:04:10 -0500
Subject: [PATCH] Increase the default token key size
The previous default token key size would fail in FIPS mode for the sha384
and sha512 algorithms. With the updated key size, the default will work in
all cases.
https://pagure.io/freeipa/issue/7168
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
 ipaserver/plugins/otptoken.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipaserver/plugins/otptoken.py b/ipaserver/plugins/otptoken.py
index c66f0980f0fc2ed49b4224be40a18ce528a6da7b..a6e423f949659d8157c8471d0fbc3ee8a299ac98 100644
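--- a/ipaserver/plugins/otptoken.py
+++ b/ipaserver/plugins/otptoken.py
@@ -72,7 +72,7 @@ TOKEN_TYPES = {
 }
 
 # NOTE: For maximum compatibility, KEY_LENGTH % 5 == 0
-KEY_LENGTH = 20
+KEY_LENGTH = 35
 
 class OTPTokenKey(Bytes):
     """A binary password type specified in base32."""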
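Review bot: The new value `KEY_LENGTH = 35` is not explained where it is set, and the only comment beside it covers the base32 `% 5` rule, not the FIPS constraint that motivated the change. Per the commit message the old 20-byte default failed in FIPS mode for sha384 and sha512; 35 looks like the smallest multiple of 5 that clears that check, but that is inferred, so the comment should state the actual minimum, e.g. `# 35 bytes: FIPS mode rejects shorter HMAC keys for sha384/sha512 (issue 7168); keep >= that minimum and % 5 == 0`. This hunk changes only the default, so whether a caller-supplied key shorter than this is rejected or warned about for those algorithms is not visible here and is worth checking in the key validation path.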
-- 
2.14.3