otp
otp copied to clipboard
use Base32::encodeUpper to generate base32 secret
The RFC also recommends using a 160 bit secret. The default now is an 80 bit secret. So the $length
default can maybe change to 32
from 16
. I didn't do this yet as it may break people's integrations.
R6 - The algorithm MUST use a strong shared secret. The length of the shared secret MUST be at least 128 bits. This document RECOMMENDs a shared secret length of 160 bits.
https://tools.ietf.org/html/rfc4226#section-4