Raise error when trying to generate secret that is too short

aniu-lee · Oct 25, 2019 · 18c0352 · 18c0352
1 parent b9481fd
commit 18c0352
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 5 deletions.
diff --git a/README.rst b/README.rst
@@ -76,11 +76,15 @@ Counter-based OTPs
     hotp.verify('316439', 1401) # => True
     hotp.verify('316439', 1402) # => False
 
-Generating a base32 Secret Key
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-::
+Generating a Secret Key
+~~~~~~~~~~~~~~~~~~~~~~~
+A helper function is provided to generate a 16 character base32 secret, compatible with Google Authenticator and other OTP apps::
+
+    pyotp.random_base32()
+
+Some applications want the secret key to be formatted as a hex-encoded string::
 
-    pyotp.random_base32() # returns a 16 character base32 secret. Compatible with Google Authenticator and other OTP apps
+    pyotp.random_hex()  # returns a 32-character hex-encoded secret
 
 Google Authenticator Compatible
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

diff --git a/src/pyotp/__init__.py b/src/pyotp/__init__.py
@@ -8,7 +8,8 @@
 
 def random_base32(length=16, random=None,
                   chars=list('ABCDEFGHIJKLMNOPQRSTUVWXYZ234567')):
-
+    if length < 16:
+        raise Exception("Secrets should be at least 128 bits")
     # Use secrets module if available (Python version >= 3.6) per PEP 506
     try:
         import secrets
@@ -24,4 +25,6 @@ def random_base32(length=16, random=None,
 
 def random_hex(length=32, random=None,
                chars=list('ABCDEF0123456789')):
+    if length < 32:
+        raise Exception("Secrets should be at least 128 bits")
     return random_base32(length=length, random=None, chars=chars)