From 0ca6653c299c75f5215cc37c6b129ce58a85e8df Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum
Date: Mar 05 2014 09:09:16 +0000
Subject: Fix token secret length RFC compliance

RFC 4226 states the following in section 4:
R6 - The algorithm MUST use a strong shared secret. The length of the shared secret MUST be at least 128 bits. This document RECOMMENDs a shared secret length of 160 bits.

Reviewed-By: Jan Cholasta
---

diff --git a/ipalib/plugins/otptoken.py b/ipalib/plugins/otptoken.py
index 92853de..9152539 100644
--- a/ipalib/plugins/otptoken.py
+++ b/ipalib/plugins/otptoken.py
@@ -59,7 +59,7 @@ TOKEN_TYPES = {
 }
 
 # NOTE: For maximum compatibility, KEY_LENGTH % 5 == 0
-KEY_LENGTH = 10
+KEY_LENGTH = 20
 
 class OTPTokenKey(Bytes):
     """A binary password type specified in base32."""
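Review bot: The comment above `KEY_LENGTH = 20` still records only the `% 5` compatibility constraint, so the security floor this commit restores is not visible in the code. A later edit to, say, 15 would satisfy the existing note while falling back under the 128-bit minimum quoted in the commit message. I would add a second comment line such as `# KEY_LENGTH is in bytes; RFC 4226 R6 requires >= 16 (128 bits) and recommends 20 (160 bits).` The unit is inferred from the commit message, not shown in the hunk. The code that consumes KEY_LENGTH lies outside this hunk, so it is worth confirming separately whether user-supplied keys are held to the same minimum and whether tokens already issued with the old 10-byte default need re-enrolment.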