
Re: OTP broken?



On Sat, 7 Nov 2015 22:03:04 +0100,
Michael Ströder <michael@stroeder.com> wrote:

> Dieter Klünter wrote:
> > On Sat, 7 Nov 2015 14:33:22 +0100,
> > Michael Ströder <michael@stroeder.com> wrote:
> > 
> >> Dieter Klünter wrote:
> >>> 6. added credentials by ldappasswd
> >>>    userPassword::
> >>> e1RPVFAxfU5CVUVJNktFSk1ZRENOQlRHSTJUTVFLQ0lOQ0E9PT09
> >>
> >> I have not really tried the module myself yet but I note that the
> >> key is actually 21 bytes long (see below). Shouldn't that be 20
> >> bytes?
> >>
> >> Python 2.7.10 (default, May 24 2015, 14:46:10) [GCC] on linux2
> >>>>> 'e1RPVFAxfU5CVUVJNktFSk1ZRENOQlRHSTJUTVFLQ0lOQ0E9PT09'.decode('base64')
> >> '{TOTP1}NBUEI6KEJMYDCNBTGI2TMQKCINCA===='
> >>>>> s='NBUEI6KEJMYDCNBTGI2TMQKCINCA===='.decode('base64')
> >>>>> len(s)
> >> 21
> > 
> > The TOTP1 string is base32 encoded, not base64.
> 
> If it's sent to the Google Authenticator the base32-encoded form is
> appended to the totp:// URL. And looking at slapd-totp.c it seems
> you're also right regarding the storage format in 'userPassword':
> 
> 	/* Key is stored in base32 */
> 
> But still 17 bytes look strange to me:
> 
> Python 2.7.10 (default, May 24 2015, 14:46:10) [GCC] on linux2
> >>> import base64
> >>> base64.b32decode('NBUEI6KEJMYDCNBTGI2TMQKCINCA====')
> 'hhDyDK0143256ABCD'
> >>> len(base64.b32decode('NBUEI6KEJMYDCNBTGI2TMQKCINCA===='))
> 17
> 
> What's the correct length of your shared secret?

In fact I have tested with various lengths. You are correct that the key
in question is 17 bytes.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
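
Added example, not part of the original message and not OpenLDAP code: it unwraps the two encoding layers discussed in this thread (base64 for the LDIF `::` value, base32 for the key after the `{TOTP1}` prefix), checks the key length against the RFC 4226 figures, and computes an RFC 6238 code for comparison with an authenticator app. The function names are hypothetical, and HMAC-SHA1 with a 30-second step and 6 digits are assumed RFC 6238 defaults rather than parameters confirmed in the thread.

```python
import base64
import binascii
import hashlib
import hmac
import struct

# userPassword value quoted in the thread (base64 LDIF form).
LDIF_VALUE = "e1RPVFAxfU5CVUVJNktFSk1ZRENOQlRHSTJUTVFLQ0lOQ0E9PT09"

def inspect_totp_value(ldif_b64):
    """Return (scheme, key_bytes) for a '{SCHEME}<base32 key>' userPassword."""
    stored = base64.b64decode(ldif_b64).decode("ascii")  # outer layer: base64
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("no {SCHEME} prefix")
    scheme, b32 = stored[1:].split("}", 1)
    try:
        key = base64.b32decode(b32)                       # inner layer: base32
    except binascii.Error as exc:
        raise ValueError("key is not valid base32: %s" % exc)
    return scheme, key

def key_length_findings(key):
    """Compare the key size with RFC 4226 (128 bits minimum, 160 recommended)."""
    bits = len(key) * 8
    findings = []
    if bits < 128:
        findings.append("below RFC 4226 minimum of 128 bits")
    if bits < 160:
        findings.append("below RFC 4226 recommended 160 bits")
    return findings

def totp(key, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 (assumed defaults, see lead-in)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

if __name__ == "__main__":
    scheme, key = inspect_totp_value(LDIF_VALUE)
    print(scheme, len(key), "bytes", key_length_findings(key))
```
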