TOTP with 'short' shared secrets not supported
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | New | Undecided | Unassigned |
Bug Description
We are migrating our users from an older backend to keystone and want to keep the current 2FA tokens for the end-users to make it as seamless as possible.
Historically it was common practice to generate TOTP secrets of 16 chars [1] and users still use them.
One issue we are facing is that keystone (implicitly) does not accept the 2FA TOTP secrets our older user base currently has, as the keysize is not long enough for the default settings of cryptography.
We can just pass enforce_
[1] https:/
[2] https:/
[3] https:/
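The key-length problem described in the report, as an added example that is not part of the bug report or keystone's code: a 16-character base32 secret decodes to 80 bits, below the 128-bit minimum that cryptography's TOTP enforces by default. The standard-library RFC 6238 implementation, the `min_key_bits` parameter, the 6-digit/30-second defaults and the sample secret are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct

MIN_KEY_BITS = 128  # assumed default minimum, per the key-size check described above


def decode_secret(b32_secret):
    """Decode a base32 TOTP secret as users typically store it (no padding)."""
    cleaned = b32_secret.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped base32 padding
    return base64.b32decode(cleaned)


def totp(key, at, digits=6, step=30, min_key_bits=MIN_KEY_BITS):
    """RFC 6238 TOTP (HMAC-SHA1) with an explicit, adjustable key-length check."""
    if len(key) * 8 < min_key_bits:
        raise ValueError(
            f"key is {len(key) * 8} bits, minimum is {min_key_bits} bits")
    counter = struct.pack(">Q", int(at) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def check_legacy_secret(b32_secret, at):
    """Report how a migrated secret fares under the strict and relaxed checks."""
    key = decode_secret(b32_secret)
    result = {"key_bits": len(key) * 8}
    try:
        result["strict"] = totp(key, at)
    except ValueError as exc:
        result["strict"] = f"rejected: {exc}"
    result["relaxed"] = totp(key, at, min_key_bits=0)
    return result


if __name__ == "__main__":
    LEGACY_SECRET = "JBSWY3DPEHPK3PXP"  # constructed 16-character sample secret
    print(check_legacy_secret(LEGACY_SECRET, at=59))
```

RFC 4226 requires shared secrets of at least 128 bits, so accepting 80-bit legacy secrets is a compatibility trade-off. Rotating migrated users to longer secrets over time removes it.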
Changed in keystone:
status: In Progress → New
Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/keystone/+/915258