Hi,
We are adopting Keycloak and are trying to move our OTP tokens over to Keycloak. However,
Keycloak can only use secrets that are alphanumeric strings whereas our existing
implementation and most hard and software tokens we have used use the full range of binary
values when generating secrets.
2 questions:
1: Is the lower entropy of the secrets generated by Keycloak a concern?
2: If we provided a PR that migrated the existing data by re-encoding all existing secrets
as Base32 and updated the code to assume Base32 instead of string be acceptable?
This would be a non breaking change but allow anyone using existing OTP tokens to migrate
their secrets which I don't think they can at the moment.
Thanks,
Andy
Show replies by date