feat: use 160-bit secret for TOTP

Author: JYC333

apps/server/src/services/totp.ts

@@ -1,6 +1,7 @@
-import { Totp, generateSecret } from 'time2fa';
-import options from './options.js';
+import { generateSecret,Totp } from 'time2fa';
+
 import totpEncryptionService from './encryption/totp_encryption.js';
+import options from './options.js';
 
 function isTotpEnabled(): boolean {
     return options.getOptionOrNull('mfaEnabled') === "true" &&
@@ -10,7 +11,7 @@ function isTotpEnabled(): boolean {
 
 function createSecret(): { success: boolean; message?: string } {
     try {
-        const secret = generateSecret();
+        const secret = generateSecret(20);
 
         totpEncryptionService.setTotpSecret(secret);