Fix token secret length RFC compliance
    
    RFC 4226 states the following in section 4:
       R6 - The algorithm MUST use a strong shared secret.  The length of
       the shared secret MUST be at least 128 bits.  This document
       RECOMMENDs a shared secret length of 160 bits.
    
    Reviewed-By: Jan Cholasta <jcholast@redhat.com>