From 854a6527d6941093930faddc680e5ad123c26b64 Mon Sep 17 00:00:00 2001
From: Klas Lindfors <klas@yubico.com>
Date: Tue, 8 May 2012 13:43:21 +0200
Subject: [PATCH] update comment about nonce to reflect what the code actually
 does enforce

---
 ykval-verify.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ykval-verify.php b/ykval-verify.php
index 4de4c55..27462b1 100644
--- a/ykval-verify.php
+++ b/ykval-verify.php
@@ -67,7 +67,7 @@ if ($protocol_version>=2.0) {
  * otp: one-time password 
  * id: client id 
  * timeout: timeout in seconds to wait for external answers, optional: if absent the server decides 
- * nonce: random alphanumeric string, 8 to 32 bytes characters long. Must be non-predictable and changing for each request, but need not be cryptographically strong 
+ * nonce: random alphanumeric string, 16 to 40 characters long. Must be non-predictable and changing for each request, but need not be cryptographically strong 
  * sl: "sync level", percentage of external servers that needs to answer (integer 0 to 100), or "fast" or "secure" to use server-configured values 
  * h: signature (optional) 
  * timestamp: requests timestamp/counters in response