Island: Shorten OTP to 16 characters

VakarisZ · mssalvatore · commit 925c986441e8 · 2024-06-11T09:58:46.000-04:00
16 characters is plenty secure for a token with a 2-minute lifespan and shortens the payload sufficiently Issue #4187 PR #4188
diff --git a/monkey/monkey_island/cc/services/authentication_service/authentication_facade.py b/monkey/monkey_island/cc/services/authentication_service/authentication_facade.py
@@ -16,6 +16,7 @@
 from .user import User
 
 OTP_EXPIRATION_TIME = 2 * 60  # 2 minutes
+OTP_LENGTH = 16
 
 
 class AuthenticationFacade:
@@ -87,7 +88,9 @@ def generate_otp(self) -> OTP:
 
         The generated OTP is saved to the `IOTPRepository`
         """
-        otp = OTP(secure_generate_random_string(32, string.ascii_letters + string.digits + "._-"))
+        otp = OTP(
+            secure_generate_random_string(OTP_LENGTH, string.ascii_letters + string.digits + "._-")
+        )
         expiration_time = time.monotonic() + OTP_EXPIRATION_TIME
         self._otp_repository.insert_otp(otp, expiration_time)
 
