https://github.com/pyramation/totp/blob/master/packages/totp/sql/launchql-totp--0.0.3.sql#L121

• random() is used to generate random values

It is documented that it's not suitable for cryptographic use https://www.postgresql.org/docs/current/functions-math.html:

The random() function uses a simple linear congruential algorithm. It is fast but not suitable for cryptographic applications; see the pgcrypto module for a more secure alternative. If setseed() is called, the series of results of subsequent random() calls in the current session can be repeated by re-issuing setseed() with the same argument.