From 71f755dd445c72e79ffa3c944928edb4ec9b64c3 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin <kyle.spearrin@gmail.com>
Date: Thu, 29 Jun 2017 16:01:11 -0400
Subject: [PATCH] secure strings for 2fa recovery codes

---
 src/Core/Services/Implementations/UserService.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Core/Services/Implementations/UserService.cs b/src/Core/Services/Implementations/UserService.cs
index 8c39781b4f..2f37e410cc 100644
--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
@@ -436,7 +436,7 @@ namespace Bit.Core.Services
 
             if(string.IsNullOrWhiteSpace(user.TwoFactorRecoveryCode))
             {
-                user.TwoFactorRecoveryCode = Guid.NewGuid().ToString("N");
+                user.TwoFactorRecoveryCode = Utilities.CoreHelpers.SecureRandomString(32, upper: false, special: false);
             }
             await SaveUserAsync(user);
         }
@@ -474,7 +474,7 @@ namespace Bit.Core.Services
             }
 
             user.TwoFactorProviders = null;
-            user.TwoFactorRecoveryCode = Guid.NewGuid().ToString("N");
+            user.TwoFactorRecoveryCode = Utilities.CoreHelpers.SecureRandomString(32, upper: false, special: false);
             await SaveUserAsync(user);
 
             return true;