From c63cab9bc11127172ea3874847a61a64397897ca Mon Sep 17 00:00:00 2001
From: Frank <base-zero@users.noreply.github.com>
Date: Mon, 31 Oct 2016 18:20:31 +0000
Subject: [PATCH] Harden PragmaRX secret to 32 bytes (#2859)

This is needed at all but that extra security is always good.
---
 app/Http/Controllers/Auth/AuthController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Http/Controllers/Auth/AuthController.php b/app/Http/Controllers/Auth/AuthController.php
index f76d469e2c24..4f3f0596d6de 100644
--- a/app/Http/Controllers/Auth/AuthController.php
+++ b/app/Http/Controllers/Auth/AuthController.php
@@ -176,7 +176,7 @@ public function getTwoFactorEnroll()
         $google2fa = app()->make('PragmaRX\Google2FA\Contracts\Google2FA');
 
         if ($user->two_factor_secret=='') {
-            $user->two_factor_secret = $google2fa->generateSecretKey();
+            $user->two_factor_secret = $google2fa->generateSecretKey(32);
             $user->save();
         }