From ab2eaf607dd3746dd239595315dbaaebade06320 Mon Sep 17 00:00:00 2001 From: Nathaniel McCallum Date: Thu, 22 Feb 2018 14:04:10 -0500 Subject: [PATCH] Increase the default token key size The previous default token key size would fail in FIPS mode for the sha384 and sha512 algorithms. With the updated key size, the default will work in all cases. https://pagure.io/freeipa/issue/7168 Reviewed-By: Rob Crittenden Reviewed-By: Christian Heimes Reviewed-By: Rob Crittenden --- ipaserver/plugins/otptoken.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/plugins/otptoken.py b/ipaserver/plugins/otptoken.py index c66f0980f0fc2ed49b4224be40a18ce528a6da7b..a6e423f949659d8157c8471d0fbc3ee8a299ac98 100644 --- a/ipaserver/plugins/otptoken.py +++ b/ipaserver/plugins/otptoken.py @@ -72,7 +72,7 @@ TOKEN_TYPES = { } # NOTE: For maximum compatibility, KEY_LENGTH % 5 == 0 -KEY_LENGTH = 20 +KEY_LENGTH = 35 class OTPTokenKey(Bytes): """A binary password type specified in base32.""" -- 2.14.3