Problem/Motivation

This module uses mt_rand() to generate the OTP code.
This function is not truly random and uses a known algorithm based on a seed.
The PHP doc says:

This function does not generate cryptographically secure values, and must not be used for cryptographic purposes, or purposes that require returned values to be unguessable.

Steps to reproduce

Proposed resolution

The random_int() function should probably be used instead.

Remaining tasks

User interface changes

API changes

Data model changes

Issue fork email_tfa-3530441

Comments

prudloff created an issue. See original summary.

jeeva r made their first commit to this issue’s fork.

jeeva r’s picture

Assigned: Unassigned » jeeva r
Status: Active » Needs review

makertimswis’s picture

Tested and looks good to me
great find

makertimswis’s picture

Status: Needs review » Reviewed & tested by the community

jeeva r’s picture

@makertimswis, thanks for testing my code changes. Once it is reviewed, please update the issue status.

jeeva r’s picture

Assigned: jeeva r » Unassigned

abdulaziz zaid made their first commit to this issue’s fork.

abdulaziz zaid’s picture

Status: Reviewed & tested by the community » Fixed

Thanks everyone

Merged !26 🎉

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.
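
The change proposed in the issue summary, as an added example that is not the module's own code or the merged patch: it shows that mt_rand() output is fully determined by its seed, next to a fixed-length OTP generator built on random_int(). The function names otp_weak() and otp_secure(), the six-digit default and the seed value are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Weak variant described in the issue (hypothetical helper name).
 * mt_rand() is a seeded Mersenne Twister: the same seed always replays
 * the same sequence, so the code is only as secret as the generator state.
 */
function otp_weak(int $digits = 6): string {
  $max = (10 ** $digits) - 1;
  return str_pad((string) mt_rand(0, $max), $digits, '0', STR_PAD_LEFT);
}

/**
 * Hardened variant (hypothetical helper name).
 * random_int() draws from the operating system CSPRNG and throws if no
 * secure source is available, so failure is loud rather than silent.
 */
function otp_secure(int $digits = 6): string {
  if ($digits < 1 || $digits > 9) {
    throw new InvalidArgumentException('digits must be between 1 and 9');
  }
  $max = (10 ** $digits) - 1;
  // Left-pad so that small values such as 42 still yield a full-length code.
  return str_pad((string) random_int(0, $max), $digits, '0', STR_PAD_LEFT);
}

// Determinism check with a constructed seed: reseeding replays the same code.
mt_srand(20250101);
$first = otp_weak();
mt_srand(20250101);
$second = otp_weak();
printf("mt_rand codes identical after reseed: %s\n", var_export($first === $second, TRUE));

// random_int() has no seed to reset; each call is an independent draw.
$code = otp_secure();
printf("secure code is %d digits, numeric only: %s\n", strlen($code), var_export(ctype_digit($code), TRUE));
```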