pyauth / pyotp

Python One-Time Password Library
https://pyauth.github.io/pyotp/

Add random_hex function #82

Closed teward closed 4 years ago

teward commented 5 years ago

Some TOTP systems don't accept Base32 input, and want hex. Create a simple 'random_hex' function that wraps around random_base32.

Such a system would be Sophos' XG Firewall when adding customized seeds. These require HEX keys, and there's no outright mechanism to create them here. This is a simple wrapper function added around preexisting random_base32 that provides HEX returns.

tilkinsc commented 5 years ago

Such systems will want back the actual hex code when they ask. So if this does get accepted, it would be in the user's interest.

codecov-io commented 5 years ago

Codecov Report

Merging #82 into master will decrease coverage by 0.28%. The diff coverage is 50%.


@@            Coverage Diff             @@
##           master      #82      +/-   ##
==========================================
- Coverage   97.91%   97.62%   -0.29%     
==========================================
  Files           8        8              
  Lines         335      337       +2     
==========================================
+ Hits          328      329       +1     
- Misses          7        8       +1
Impacted Files Coverage Δ
src/pyotp/__init__.py 93.33% <50%> (-6.67%) :arrow_down:

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update 041f5d3...bfa2e0f.

kislyuk commented 4 years ago

Thanks, this looks good.

kislyuk commented 4 years ago

RFC 4226 says the secret MUST be at least 128 bits. Your function would have the secret be 64 bits. I'm increasing the default length to 32. When using this and other security libraries, please pay attention to the cryptographic requirements of the underlying algorithms.

Gu-f commented 10 months ago

It appears that a hex secret cannot be used as the input secret for TOTP()

import pyotp
import time

totp = pyotp.TOTP(pyotp.random_hex())
totp.now()

Is it only provided for third-party apps to use, and pyotp does not use it? I don't have a good understanding of the function of this. Can you help explain it to me?
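An added example, not part of the thread or of pyotp's own code, for the question above: hex and base32 are two text encodings of the same key bytes, so a hex secret generated for a device that wants hex has to be re-encoded as base32 before it is handed to a base32-based TOTP implementation such as pyotp's `TOTP()`. The sketch uses only the standard library; the helper names are hypothetical, the 128-bit floor is the RFC 4226 minimum quoted earlier in the thread, and the sample key is the published RFC 4226 test key.

```python
import base64
import hashlib
import hmac
import struct
import time

MIN_SECRET_BITS = 128  # RFC 4226 minimum, as quoted in the thread


def hex_to_base32(hex_secret: str) -> str:
    """Re-encode a hex secret as base32; the underlying key bytes are unchanged."""
    key = bytes.fromhex(hex_secret)
    if len(key) * 8 < MIN_SECRET_BITS:
        raise ValueError("secret is shorter than %d bits" % MIN_SECRET_BITS)
    return base64.b32encode(key).decode("ascii")


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp_from_base32(b32_secret: str, now: float, step: int = 30) -> str:
    """TOTP for a base32 secret at Unix time `now` (the counter is the time step)."""
    key = base64.b32decode(b32_secret, casefold=True)
    return hotp(key, int(now) // step)


def totp_from_hex(hex_secret: str, now: float, step: int = 30) -> str:
    """What a hex-only device computes from the same secret."""
    return hotp(bytes.fromhex(hex_secret), int(now) // step)


# RFC 4226 test key: ASCII "12345678901234567890" written as hex (160 bits).
RFC_KEY_HEX = "3132333435363738393031323334353637383930"

if __name__ == "__main__":
    b32 = hex_to_base32(RFC_KEY_HEX)
    t = time.time()
    # Both sides derive the same code because they share the same key bytes.
    print(b32, totp_from_base32(b32, t), totp_from_hex(RFC_KEY_HEX, t))
```

The base32 string returned by `hex_to_base32` is the form to pass to a base32-based verifier, while the original hex string goes to the hex-only device.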