[Koha-bugs] [Bug 28786] Two-factor authentication for staff client - TOTP
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Jan 18 15:57:14 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28786
--- Comment #87 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
Yes, I replaced that patch.
- my $secret32 = $auth->generate_secret32;
+ my $secret32 = encode_base32(Koha::AuthUtils::generate_salt("strong",
32));
Base32 encoding is done by the module.
You should not use strong in the AuthUtils call! It is too STRONG.
Note:
if( $strength eq "strong" ){
$source = '/dev/random'; # blocking
You dont want it to block on a VM or so when there is not enough
randomness/entropy.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list