This series adds a new format of how we store TFA keys. The reason is
documented in the new format verifier:

    # The old format used 16 base32 chars or 40 hex digits. Since they have a common subset it's
    # hard to distinguish them without our previous length constraints, so add a 'v2' of the
    # format to support arbitrary lengths properly:

New secrets are now prefixed with 'v2-'. Hexadecimals are still
supported by prefixing the secret itself with '0x' (since '0x' is not
actually valid in base32), e.g. 'v2-0xbeef00d'; otherwise it's base32:
'v2-ASDF2345'

Both old and new formats work, so existing configurations stay intact,
and still-cached JS GUIs will keep working fine.

Tested with AndOTP, FreeOTP & Google Authenticator.

_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
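
The format rules described in the message above, as an added Python example that is not part of the original post or of the Proxmox code: it classifies a secret as old or 'v2' and shows why the two alphabets cannot be told apart without a length rule. The function names, the uppercase unpadded base32 alphabet and the sample values are assumptions made for illustration.

```python
import re

# Alphabets: RFC 4648 base32 (uppercase, unpadded: an assumption) and hex.
BASE32 = re.compile(r"[A-Z2-7]+")
HEX = re.compile(r"[0-9A-Fa-f]+")


def classify_tfa_secret(secret):
    """Return (format, encoding, digits) or raise ValueError."""
    if secret.startswith("v2-"):
        body = secret[3:]
        # '0' is not a base32 character, so a '0x' prefix can only mean hex.
        if body.startswith("0x"):
            if HEX.fullmatch(body[2:]):
                return ("v2", "hex", body[2:])
            raise ValueError("v2 hex secret contains non-hex characters")
        if BASE32.fullmatch(body):
            return ("v2", "base32", body)
        raise ValueError("v2 secret is neither 0x-hex nor base32")
    # Old format: the length is the only thing that selects the encoding.
    if len(secret) == 16 and BASE32.fullmatch(secret):
        return ("old", "base32", secret)
    if len(secret) == 40 and HEX.fullmatch(secret):
        return ("old", "hex", secret)
    raise ValueError("not a valid old or v2 secret")


def ambiguous_without_length(digits):
    """True if the string is valid in both alphabets (A-F and 2-7 only)."""
    return bool(BASE32.fullmatch(digits) and HEX.fullmatch(digits))


if __name__ == "__main__":
    # Constructed sample values, plus the two v2 examples from the post.
    samples = ["v2-0xbeef00d", "v2-ASDF2345", "ABCDEF234567ABCD",
               "AB" * 20, "v2-0xASDF"]
    for s in samples:
        try:
            print(s, "->", classify_tfa_secret(s))
        except ValueError as e:
            print(s, "-> rejected:", e)
    print("ambiguous:", ambiguous_without_length("ABCDEF234567"))
```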
