From c71ee33057436dc2be1f071f379e6341c382e0ec Mon Sep 17 00:00:00 2001
From: Clar Charr <clar@charr.xyz>
Date: Tue, 3 Jul 2018 18:10:35 -0400
Subject: [PATCH] Increase default TOTP secret size to 320 bits (#4287)

---
 routers/user/setting/security_twofa.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/routers/user/setting/security_twofa.go b/routers/user/setting/security_twofa.go
index 55101ed1a4..cb61b9e270 100644
--- a/routers/user/setting/security_twofa.go
+++ b/routers/user/setting/security_twofa.go
@@ -76,6 +76,7 @@ func twofaGenerateSecretAndQr(ctx *context.Context) bool {
 	if otpKey == nil {
 		err = nil // clear the error, in case the URL was invalid
 		otpKey, err = totp.Generate(totp.GenerateOpts{
+			SecretSize:  40,
 			Issuer:      setting.AppName + " (" + strings.TrimRight(setting.AppURL, "/") + ")",
 			AccountName: ctx.User.Name,
 		})