[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: OTP broken?
Am Sat, 7 Nov 2015 20:53:38 +0100
schrieb Dieter Klünter <dieter@dkluenter.de>:
> Am Sat, 7 Nov 2015 14:33:22 +0100
> schrieb Michael Ströder <michael@stroeder.com>:
>
> > Dieter Klünter wrote:
> > > 6. added credentials by ldappasswd
> > > userPassword::
> > > e1RPVFAxfU5CVUVJNktFSk1ZRENOQlRHSTJUTVFLQ0lOQ0E9PT09
> >
> > I have not really tried the module myself yet but I note that the
> > key is actually 21 bytes long (see below). Shouldn't that be 20
> > bytes?
> >
> > Ciao, Michael.
> >
> > Python 2.7.10 (default, May 24 2015, 14:46:10) [GCC] on linux2
> > >>> 'e1RPVFAxfU5CVUVJNktFSk1ZRENOQlRHSTJUTVFLQ0lOQ0E9PT09'.decode('base64')
> > '{TOTP1}NBUEI6KEJMYDCNBTGI2TMQKCINCA===='
> > >>> s='NBUEI6KEJMYDCNBTGI2TMQKCINCA===='.decode('base64')
> > >>> len(s)
> > 21
>
> The TOTP1 string is base32 encoded, not base64.
> With regard to length, this might be a bug in google Authenticator, as
> it would not accept a credential string shorter than mine.
Just for the records:
the pw-totp has not a bug. The so called SMART devices are not smart
at all. I expected them to convert user password to a base32 string,
which they don't.
To produce a totp numberstring, the valid base32 string has to be
entered to the smart device application. I have successfully tested it
with google authenticator, Sophos authenticator and FreeOTP.
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E