Problem/Motivation

This module uses mt_rand() to generate the OTP code.
This function is not truly random and uses a known algorithm based on a seed.
The PHP doc says:

This function does not generate cryptographically secure values, and must not be used for cryptographic purposes, or purposes that require returned values to be unguessable.

Steps to reproduce

Proposed resolution

The random_int() function should probably be used instead.

Remaining tasks

User interface changes

API changes

Data model changes

Issue fork email_tfa-3530441

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

prudloff created an issue. See original summary.

jeeva r made their first commit to this issue’s fork.

jeeva r opened merge request !26

jeeva r’s picture

jeeva r commented
Assigned: Unassigned » jeeva r
Status: Active » Needs review
makertimswis’s picture

makertimswis
Primary language Dutch
commented

Tested and looks good to me
great find

makertimswis’s picture

makertimswis
Primary language Dutch
commented
Status: Needs review » Reviewed & tested by the community
jeeva r’s picture

jeeva r commented

@makertimswis, thanks for testing my code changes, once it reviewed, please update the issue status..

jeeva r’s picture

jeeva r commented
Assigned: jeeva r » Unassigned

abdulaziz zaid made their first commit to this issue’s fork.

abdulaziz zaid’s picture

abdulaziz zaid
Primary language Arabic
Location Riyadh 🇸🇦
commented
Status: Reviewed & tested by the community » Fixed

Thanks everyone

Merged !26 🎉

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.