diff --git a/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/Base32.php b/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/Base32.php
index 761053e9391..48d00b9911e 100644
--- a/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/Base32.php
+++ b/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/Base32.php
@@ -1,8 +1,13 @@
 <?php
+declare(strict_types=1);
 namespace ParagonIE\ConstantTime;
 
+use InvalidArgumentException;
+use RangeException;
+use TypeError;
+
 /**
- *  Copyright (c) 2016 - 2017 Paragon Initiative Enterprises.
+ *  Copyright (c) 2016 - 2022 Paragon Initiative Enterprises.
  *  Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
  *
  *  Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -35,13 +40,16 @@ abstract class Base32 implements EncoderInterface
     /**
      * Decode a Base32-encoded string into raw binary
      *
-     * @param string $src
+     * @param string $encodedString
      * @param bool $strictPadding
      * @return string
      */
-    public static function decode($src, $strictPadding = \false)
-    {
-        return static::doDecode($src, \false, $strictPadding);
+    public static function decode(
+        #[\SensitiveParameter]
+        string $encodedString,
+        bool $strictPadding = false
+    ): string {
+        return static::doDecode($encodedString, false, $strictPadding);
     }
 
     /**
@@ -51,9 +59,26 @@ abstract class Base32 implements EncoderInterface
      * @param bool $strictPadding
      * @return string
      */
-    public static function decodeUpper($src, $strictPadding = \false)
-    {
-        return static::doDecode($src, \true, $strictPadding);
+    public static function decodeUpper(
+        #[\SensitiveParameter]
+        string $src,
+        bool $strictPadding = false
+    ): string {
+        return static::doDecode($src, true, $strictPadding);
+    }
+
+    /**
+     * Encode into Base32 (RFC 4648)
+     *
+     * @param string $binString
+     * @return string
+     * @throws TypeError
+     */
+    public static function encode(
+        #[\SensitiveParameter]
+        string $binString
+    ): string {
+        return static::doEncode($binString, false, true);
     }
 
     /**
@@ -61,21 +86,12 @@ abstract class Base32 implements EncoderInterface
      *
      * @param string $src
      * @return string
+     * @throws TypeError
      */
-    public static function encode($src)
-    {
-        return static::doEncode($src, \false);
-    }
-
-    /**
-     * Encode into Base32 (RFC 4648)
-     *
-     * @param string $src
-     * @return string
-     * @throws \TypeError
-     */
-    public static function encodeUnpadded($src)
-    {
+    public static function encodeUnpadded(
+        #[\SensitiveParameter]
+        string $src
+    ): string {
         return static::doEncode($src, false, false);
     }
 
@@ -84,10 +100,13 @@ abstract class Base32 implements EncoderInterface
      *
      * @param string $src
      * @return string
+     * @throws TypeError
      */
-    public static function encodeUpper($src)
-    {
-        return static::doEncode($src, \true);
+    public static function encodeUpper(
+        #[\SensitiveParameter]
+        string $src
+    ): string {
+        return static::doEncode($src, true, true);
     }
 
     /**
@@ -95,10 +114,12 @@ abstract class Base32 implements EncoderInterface
      *
      * @param string $src
      * @return string
-     * @throws \TypeError
+     * @throws TypeError
      */
-    public static function encodeUpperUnpadded($src)
-    {
+    public static function encodeUpperUnpadded(
+        #[\SensitiveParameter]
+        string $src
+    ): string {
         return static::doEncode($src, true, false);
     }
 
@@ -109,7 +130,7 @@ abstract class Base32 implements EncoderInterface
      * @param int $src
      * @return int
      */
-    protected static function decode5Bits($src)
+    protected static function decode5Bits(int $src): int
     {
         $ret = -1;
 
@@ -131,7 +152,7 @@ abstract class Base32 implements EncoderInterface
      * @param int $src
      * @return int
      */
-    protected static function decode5BitsUpper($src)
+    protected static function decode5BitsUpper(int $src): int
     {
         $ret = -1;
 
@@ -151,7 +172,7 @@ abstract class Base32 implements EncoderInterface
      * @param int $src
      * @return string
      */
-    protected static function encode5Bits($src)
+    protected static function encode5Bits(int $src): string
     {
         $diff = 0x61;
 
@@ -170,7 +191,7 @@ abstract class Base32 implements EncoderInterface
      * @param int $src
      * @return string
      */
-    protected static function encode5BitsUpper($src)
+    protected static function encode5BitsUpper(int $src): string
     {
         $diff = 0x41;
 
@@ -180,6 +201,35 @@ abstract class Base32 implements EncoderInterface
         return \pack('C', $src + $diff);
     }
 
+    /**
+     * @param string $encodedString
+     * @param bool $upper
+     * @return string
+     */
+    public static function decodeNoPadding(
+        #[\SensitiveParameter]
+        string $encodedString,
+        bool $upper = false
+    ): string {
+        $srcLen = Binary::safeStrlen($encodedString);
+        if ($srcLen === 0) {
+            return '';
+        }
+        if (($srcLen & 7) === 0) {
+            for ($j = 0; $j < 7 && $j < $srcLen; ++$j) {
+                if ($encodedString[$srcLen - $j - 1] === '=') {
+                    throw new InvalidArgumentException(
+                        "decodeNoPadding() doesn't tolerate padding"
+                    );
+                }
+            }
+        }
+        return static::doDecode(
+            $encodedString,
+            $upper,
+            true
+        );
+    }
 
     /**
      * Base32 decoding
@@ -188,9 +238,15 @@ abstract class Base32 implements EncoderInterface
      * @param bool $upper
      * @param bool $strictPadding
      * @return string
+     *
+     * @throws TypeError
      */
-    protected static function doDecode($src, $upper = \false, $strictPadding = \true)
-    {
+    protected static function doDecode(
+        #[\SensitiveParameter]
+        string $src,
+        bool $upper = false,
+        bool $strictPadding = false
+    ): string {
         // We do this to reduce code duplication:
         $method = $upper
             ? 'decode5BitsUpper'
@@ -212,7 +268,7 @@ abstract class Base32 implements EncoderInterface
                 }
             }
             if (($srcLen & 7) === 1) {
-                throw new \RangeException(
+                throw new RangeException(
                     'Incorrect padding'
                 );
             }
@@ -225,14 +281,23 @@ abstract class Base32 implements EncoderInterface
         $dest = '';
         // Main loop (no padding):
         for ($i = 0; $i + 8 <= $srcLen; $i += 8) {
+            /** @var array<int, int> $chunk */
             $chunk = \unpack('C*', Binary::safeSubstr($src, $i, 8));
+            /** @var int $c0 */
             $c0 = static::$method($chunk[1]);
+            /** @var int $c1 */
             $c1 = static::$method($chunk[2]);
+            /** @var int $c2 */
             $c2 = static::$method($chunk[3]);
+            /** @var int $c3 */
             $c3 = static::$method($chunk[4]);
+            /** @var int $c4 */
             $c4 = static::$method($chunk[5]);
+            /** @var int $c5 */
             $c5 = static::$method($chunk[6]);
+            /** @var int $c6 */
             $c6 = static::$method($chunk[7]);
+            /** @var int $c7 */
             $c7 = static::$method($chunk[8]);
 
             $dest .= \pack(
@@ -247,15 +312,23 @@ abstract class Base32 implements EncoderInterface
         }
         // The last chunk, which may have padding:
         if ($i < $srcLen) {
+            /** @var array<int, int> $chunk */
             $chunk = \unpack('C*', Binary::safeSubstr($src, $i, $srcLen - $i));
+            /** @var int $c0 */
             $c0 = static::$method($chunk[1]);
 
             if ($i + 6 < $srcLen) {
+                /** @var int $c1 */
                 $c1 = static::$method($chunk[2]);
+                /** @var int $c2 */
                 $c2 = static::$method($chunk[3]);
+                /** @var int $c3 */
                 $c3 = static::$method($chunk[4]);
+                /** @var int $c4 */
                 $c4 = static::$method($chunk[5]);
+                /** @var int $c5 */
                 $c5 = static::$method($chunk[6]);
+                /** @var int $c6 */
                 $c6 = static::$method($chunk[7]);
 
                 $dest .= \pack(
@@ -266,11 +339,19 @@ abstract class Base32 implements EncoderInterface
                     (($c4 << 7) | ($c5 << 2) | ($c6 >> 3)) & 0xff
                 );
                 $err |= ($c0 | $c1 | $c2 | $c3 | $c4 | $c5 | $c6) >> 8;
+                if ($strictPadding) {
+                    $err |= ($c6 << 5) & 0xff;
+                }
             } elseif ($i + 5 < $srcLen) {
+                /** @var int $c1 */
                 $c1 = static::$method($chunk[2]);
+                /** @var int $c2 */
                 $c2 = static::$method($chunk[3]);
+                /** @var int $c3 */
                 $c3 = static::$method($chunk[4]);
+                /** @var int $c4 */
                 $c4 = static::$method($chunk[5]);
+                /** @var int $c5 */
                 $c5 = static::$method($chunk[6]);
 
                 $dest .= \pack(
@@ -282,9 +363,13 @@ abstract class Base32 implements EncoderInterface
                 );
                 $err |= ($c0 | $c1 | $c2 | $c3 | $c4 | $c5) >> 8;
             } elseif ($i + 4 < $srcLen) {
+                /** @var int $c1 */
                 $c1 = static::$method($chunk[2]);
+                /** @var int $c2 */
                 $c2 = static::$method($chunk[3]);
+                /** @var int $c3 */
                 $c3 = static::$method($chunk[4]);
+                /** @var int $c4 */
                 $c4 = static::$method($chunk[5]);
 
                 $dest .= \pack(
@@ -294,9 +379,15 @@ abstract class Base32 implements EncoderInterface
                     (($c3 << 4) | ($c4 >> 1)             ) & 0xff
                 );
                 $err |= ($c0 | $c1 | $c2 | $c3 | $c4) >> 8;
+                if ($strictPadding) {
+                    $err |= ($c4 << 7) & 0xff;
+                }
             } elseif ($i + 3 < $srcLen) {
+                /** @var int $c1 */
                 $c1 = static::$method($chunk[2]);
+                /** @var int $c2 */
                 $c2 = static::$method($chunk[3]);
+                /** @var int $c3 */
                 $c3 = static::$method($chunk[4]);
 
                 $dest .= \pack(
@@ -305,8 +396,13 @@ abstract class Base32 implements EncoderInterface
                     (($c1 << 6) | ($c2 << 1) | ($c3 >> 4)) & 0xff
                 );
                 $err |= ($c0 | $c1 | $c2 | $c3) >> 8;
+                if ($strictPadding) {
+                    $err |= ($c3 << 4) & 0xff;
+                }
             } elseif ($i + 2 < $srcLen) {
+                /** @var int $c1 */
                 $c1 = static::$method($chunk[2]);
+                /** @var int $c2 */
                 $c2 = static::$method($chunk[3]);
 
                 $dest .= \pack(
@@ -315,7 +411,11 @@ abstract class Base32 implements EncoderInterface
                     (($c1 << 6) | ($c2 << 1)             ) & 0xff
                 );
                 $err |= ($c0 | $c1 | $c2) >> 8;
+                if ($strictPadding) {
+                    $err |= ($c2 << 6) & 0xff;
+                }
             } elseif ($i + 1 < $srcLen) {
+                /** @var int $c1 */
                 $c1 = static::$method($chunk[2]);
 
                 $dest .= \pack(
@@ -323,6 +423,9 @@ abstract class Base32 implements EncoderInterface
                     (($c0 << 3) | ($c1 >> 2)             ) & 0xff
                 );
                 $err |= ($c0 | $c1) >> 8;
+                if ($strictPadding) {
+                    $err |= ($c1 << 6) & 0xff;
+                }
             } else {
                 $dest .= \pack(
                     'C',
@@ -331,8 +434,9 @@ abstract class Base32 implements EncoderInterface
                 $err |= ($c0) >> 8;
             }
         }
-        if ($err !== 0) {
-            throw new \RangeException(
+        $check = ($err === 0);
+        if (!$check) {
+            throw new RangeException(
                 'Base32::doDecode() only expects characters in the correct base32 alphabet'
             );
         }
@@ -340,25 +444,31 @@ abstract class Base32 implements EncoderInterface
     }
 
     /**
-     * Base32 Decoding
+     * Base32 Encoding
      *
      * @param string $src
      * @param bool $upper
      * @param bool $pad
      * @return string
+     * @throws TypeError
      */
-    protected static function doEncode($src, $upper = \false, $pad = \true)
-    {
+    protected static function doEncode(
+        #[\SensitiveParameter]
+        string $src,
+        bool $upper = false,
+        $pad = true
+    ): string {
         // We do this to reduce code duplication:
         $method = $upper
             ? 'encode5BitsUpper'
             : 'encode5Bits';
-
+        
         $dest = '';
         $srcLen = Binary::safeStrlen($src);
 
         // Main loop (no padding):
         for ($i = 0; $i + 5 <= $srcLen; $i += 5) {
+            /** @var array<int, int> $chunk */
             $chunk = \unpack('C*', Binary::safeSubstr($src, $i, 5));
             $b0 = $chunk[1];
             $b1 = $chunk[2];
@@ -377,6 +487,7 @@ abstract class Base32 implements EncoderInterface
         }
         // The last chunk, which may have padding:
         if ($i < $srcLen) {
+            /** @var array<int, int> $chunk */
             $chunk = \unpack('C*', Binary::safeSubstr($src, $i, $srcLen - $i));
             $b0 = $chunk[1];
             if ($i + 3 < $srcLen) {
@@ -427,4 +538,4 @@ abstract class Base32 implements EncoderInterface
         }
         return $dest;
     }
-}
\ No newline at end of file
+}
diff --git a/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/Binary.php b/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/Binary.php
index 3ee6cc8da0b..a958f2f7c88 100644
--- a/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/Binary.php
+++ b/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/Binary.php
@@ -1,8 +1,11 @@
 <?php
+declare(strict_types=1);
 namespace ParagonIE\ConstantTime;
 
+use TypeError;
+
 /**
- *  Copyright (c) 2016 - 2017 Paragon Initiative Enterprises.
+ *  Copyright (c) 2016 - 2022 Paragon Initiative Enterprises.
  *  Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
  *
  *  Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -42,12 +45,16 @@ abstract class Binary
      * @param string $str
      * @return int
      */
-    public static function safeStrlen($str)
-    {
+    public static function safeStrlen(
+        #[\SensitiveParameter]
+        string $str
+    ): int {
         if (\function_exists('mb_strlen')) {
+            // mb_strlen in PHP 7.x can return false.
+            /** @psalm-suppress RedundantCast */
             return (int) \mb_strlen($str, '8bit');
         } else {
-            return (int) \strlen($str);
+            return \strlen($str);
         }
     }
 
@@ -59,39 +66,28 @@ abstract class Binary
      * @staticvar boolean $exists
      * @param string $str
      * @param int $start
-     * @param int $length
+     * @param ?int $length
      * @return string
-     * @throws \TypeError
+     *
+     * @throws TypeError
      */
     public static function safeSubstr(
-        $str,
-        $start = 0,
-        $length = \null
-    ) {
-        if (\function_exists('mb_substr')) {
-            // mb_substr($str, 0, null, '8bit') returns an empty string on PHP
-            // 5.3, so we have to find the length ourselves.
-            if (\is_null($length)) {
-                if ($start >= 0) {
-                    $length = self::safeStrlen($str) - $start;
-                } else {
-                    $length = -$start;
-                }
-            }
-            // $length calculation above might result in a 0-length string
-            if ($length === 0) {
-                return '';
-            }
-            return \mb_substr($str, $start, $length, '8bit');
-        }
+        #[\SensitiveParameter]
+        string $str,
+        int $start = 0,
+        ?int $length = null
+    ): string {
         if ($length === 0) {
             return '';
         }
-        // Unlike mb_substr(), substr() doesn't accept null for length
-        if (!is_null($length)) {
+        if (\function_exists('mb_substr')) {
+            return \mb_substr($str, $start, $length, '8bit');
+        }
+        // Unlike mb_substr(), substr() doesn't accept NULL for length
+        if ($length !== null) {
             return \substr($str, $start, $length);
         } else {
             return \substr($str, $start);
         }
     }
-}
\ No newline at end of file
+}
diff --git a/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/EncoderInterface.php b/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/EncoderInterface.php
index 76568dcf7a2..9cafbf96c83 100644
--- a/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/EncoderInterface.php
+++ b/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/EncoderInterface.php
@@ -1,8 +1,9 @@
 <?php
+declare(strict_types=1);
 namespace ParagonIE\ConstantTime;
 
 /**
- *  Copyright (c) 2016 - 2017 Paragon Initiative Enterprises.
+ *  Copyright (c) 2016 - 2022 Paragon Initiative Enterprises.
  *  Copyright (c) 2014 Steve "Sc00bz" Thomas (steve at tobtu dot com)
  *
  *  Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -34,17 +35,18 @@ interface EncoderInterface
      * Convert a binary string into a hexadecimal string without cache-timing
      * leaks
      *
-     * @param string $bin_string (raw binary)
+     * @param string $binString (raw binary)
      * @return string
      */
-    public static function encode($bin_string);
+    public static function encode(string $binString): string;
 
     /**
      * Convert a binary string into a hexadecimal string without cache-timing
      * leaks
      *
-     * @param string $encoded_string
+     * @param string $encodedString
+     * @param bool $strictPadding Error on invalid padding
      * @return string (raw binary)
      */
-    public static function decode($encoded_string);
-}
\ No newline at end of file
+    public static function decode(string $encodedString, bool $strictPadding = false): string;
+}
diff --git a/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/LICENSE.txt b/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/LICENSE.txt
index 06302425a34..91acaca6730 100644
--- a/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/LICENSE.txt
+++ b/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/LICENSE.txt
@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2016 Paragon Initiative Enterprises
+Copyright (c) 2016 - 2022 Paragon Initiative Enterprises
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/README.md b/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/README.md
new file mode 100644
index 00000000000..211f0dc9f98
--- /dev/null
+++ b/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/README.md
@@ -0,0 +1,88 @@
+# Constant-Time Encoding
+
+[![Build Status](https://github.com/paragonie/constant_time_encoding/actions/workflows/ci.yml/badge.svg)](https://github.com/paragonie/constant_time_encoding/actions)
+[![Static Analysis](https://github.com/paragonie/constant_time_encoding/actions/workflows/psalm.yml/badge.svg)](https://github.com/paragonie/constant_time_encoding/actions)
+[![Latest Stable Version](https://poser.pugx.org/paragonie/constant_time_encoding/v/stable)](https://packagist.org/packages/paragonie/constant_time_encoding)
+[![Latest Unstable Version](https://poser.pugx.org/paragonie/constant_time_encoding/v/unstable)](https://packagist.org/packages/paragonie/constant_time_encoding)
+[![License](https://poser.pugx.org/paragonie/constant_time_encoding/license)](https://packagist.org/packages/paragonie/constant_time_encoding)
+[![Downloads](https://img.shields.io/packagist/dt/paragonie/constant_time_encoding.svg)](https://packagist.org/packages/paragonie/constant_time_encoding)
+
+Based on the [constant-time base64 implementation made by Steve "Sc00bz" Thomas](https://github.com/Sc00bz/ConstTimeEncoding),
+this library aims to offer character encoding functions that do not leak
+information about what you are encoding/decoding via processor cache 
+misses. Further reading on [cache-timing attacks](http://blog.ircmaxell.com/2014/11/its-all-about-time.html).
+
+Our fork offers the following enhancements:
+
+* `mbstring.func_overload` resistance
+* Unit tests
+* Composer- and Packagist-ready
+* Base16 encoding
+* Base32 encoding
+* Uses `pack()` and `unpack()` instead of `chr()` and `ord()`
+
+## PHP Version Requirements
+
+Version 3 of this library should work on **PHP 8** or newer.
+
+Version 2 of this library should work on **PHP 7** or newer. See [the v2.x branch](https://github.com/paragonie/constant_time_encoding/tree/v2.x).
+
+For PHP 5 support, see [the v1.x branch](https://github.com/paragonie/constant_time_encoding/tree/v1.x).
+
+If you are adding this as a dependency to a project intended to work on PHP 5 through 8.4, please set the required version to `^1|^2|^3`.
+
+## How to Install
+
+```sh
+composer require paragonie/constant_time_encoding
+```
+
+## How to Use
+
+```php
+use ParagonIE\ConstantTime\Encoding;
+
+// possibly (if applicable): 
+// require 'vendor/autoload.php';
+
+$data = random_bytes(32);
+echo Encoding::base64Encode($data), "\n";
+echo Encoding::base32EncodeUpper($data), "\n";
+echo Encoding::base32Encode($data), "\n";
+echo Encoding::hexEncode($data), "\n";
+echo Encoding::hexEncodeUpper($data), "\n";
+```
+
+Example output:
+ 
+```
+1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=
+2VMKKPSHSWVCVZJ6E7SONRY3ZXCNG3GE6ZZFU7TGJSX7KUKFNLAQ====
+2vmkkpshswvcvzj6e7sonry3zxcng3ge6zzfu7tgjsx7kukfnlaq====
+d558a53e4795aa2ae53e27e4e6c71bcdc4d36cc4f6725a7e664caff551456ac1
+D558A53E4795AA2AE53E27E4E6C71BDCC4D36CC4F6725A7E664CAFF551456AC1
+```
+
+If you only need a particular variant, you can just reference the 
+required class like so:
+
+```php
+use ParagonIE\ConstantTime\Base64;
+use ParagonIE\ConstantTime\Base32;
+
+$data = random_bytes(32);
+echo Base64::encode($data), "\n";
+echo Base32::encode($data), "\n";
+```
+
+Example output:
+
+```
+1VilPkeVqirlPifk5scbzcTTbMT2clp+Zkyv9VFFasE=
+2vmkkpshswvcvzj6e7sonry3zxcng3ge6zzfu7tgjsx7kukfnlaq====
+```
+
+## Support Contracts
+
+If your company uses this library in their products or services, you may be
+interested in [purchasing a support contract from Paragon Initiative Enterprises](https://paragonie.com/enterprise).
diff --git a/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/composer.json b/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/composer.json
index 7aad332b7d9..5023095b403 100644
--- a/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/composer.json
+++ b/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/composer.json
@@ -2,7 +2,18 @@
   "name": "paragonie/constant_time_encoding",
   "description": "Constant-time Implementations of RFC 4648 Encoding (Base-64, Base-32, Base-16)",
   "keywords": [
-    "base64", "encoding", "rfc4648", "base32", "base16", "hex", "bin2hex", "hex2bin", "base64_encode", "base64_decode", "base32_encode", "base32_decode"
+    "base64",
+    "encoding",
+    "rfc4648",
+    "base32",
+    "base16",
+    "hex",
+    "bin2hex",
+    "hex2bin",
+    "base64_encode",
+    "base64_decode",
+    "base32_encode",
+    "base32_decode"
   ],
   "license": "MIT",
   "type": "library",
@@ -26,15 +37,20 @@
     "source":   "https://github.com/paragonie/constant_time_encoding"
   },
   "require": {
-    "php": "^7"
+    "php": "^8"
   },
   "require-dev": {
-    "phpunit/phpunit": "^6",
-    "vimeo/psalm": "^0.3|^"
+    "phpunit/phpunit": "^9",
+    "vimeo/psalm": "^4|^5"
   },
   "autoload": {
     "psr-4": {
       "ParagonIE\\ConstantTime\\": "src/"
     }
+  },
+  "autoload-dev": {
+    "psr-4": {
+      "ParagonIE\\ConstantTime\\Tests\\": "tests/"
+    }
   }
 }
diff --git a/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/readme_moodle.txt b/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/readme_moodle.txt
index b54b217bca1..bf42f07befe 100644
--- a/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/readme_moodle.txt
+++ b/admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime/readme_moodle.txt
@@ -1,17 +1,17 @@
-Constant-Time Encoding 2.1.1
+Constant-Time Encoding
 --------------
-https://github.com/paragonie/constant_time_encoding/releases/tag/v2.1.1
 
-Instructions to import WebAuthn into Moodle:
+Instructions to import Constant-Time Encoding into Moodle:
 
 1. Download the latest release from https://github.com/paragonie/constant_time_encoding/releases/tag/vx.x.x
    (choose "Source code")
 2. Unzip the source code
-3. Copy the following files from constant_time_encoding-x.x/lib/constant_time_encoding into admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime:
+3. Copy the following files from constant_time_encoding-x.x/src into admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime:
    1. Base32.php
    2. Binary.php
    3. EncoderInterface.php
 
 4. Copy the following files from constant_time_encoding-x.x into admin/tool/mfa/factor/totp/extlib/ParagonIE/ConstantTime:
    1. LICENSE
-   2. composer.json
+   2. README.md
+   3. composer.json
diff --git a/admin/tool/mfa/factor/totp/thirdpartylibs.xml b/admin/tool/mfa/factor/totp/thirdpartylibs.xml
index 734b191277a..4d30bcc99ff 100644
--- a/admin/tool/mfa/factor/totp/thirdpartylibs.xml
+++ b/admin/tool/mfa/factor/totp/thirdpartylibs.xml
@@ -10,7 +10,7 @@
   <library>
     <location>extlib/ParagonIE/ConstantTime</location>
     <name>Constant-Time Encoding</name>
-    <version>2.1.1</version>
+    <version>3.0.0</version>
     <license>MIT</license>
     <repository>https://github.com/paragonie/constant_time_encoding</repository>
   </library>