
Support 205 character long (128 byte) TOTP secrets

Open adarazs opened this issue 3 years ago • 4 comments

Missing feature

I tried to register a TOTP token in Moolticute and turns out there is a 72 character limit for the shared secret. I see this limit was already increased after issue #791, but from this particular site I got a TOTP secret that was 205 characters long. FreeOTP on Android was able to handle it and worked correctly.

Looks like the secret was base32 encoded, so I think the key is 205*5/8 = 128.125 --> 128 bytes long.

The RFC for TOTP doesn't specify the max key size:

  • https://datatracker.ietf.org/doc/html/rfc6238#section-5.1 refers to RFC4226
  • https://datatracker.ietf.org/doc/html/rfc4226#section-4 "R6 - The algorithm MUST use a strong shared secret. The length of the shared secret MUST be at least 128 bits. This document RECOMMENDs a shared secret length of 160 bits."

While I think 1024 bits of shared secret is unnecessary, there's not much we can do about some sites using it.

I also found this relevant pull request: https://github.com/mooltipass/moolticute/pull/793 - So if we currently support 64 byte keys, doubling everything again should work.

Justification

I am sure this is not the only site using stupidly long shared secrets, so it will be probably useful in the future for others as well. A warning when hitting the character limit would be useful too, it took me a while to figure out that the string was truncated when I pasted it in Moolticute.

Workarounds

No workarounds apart from using a different TOTP authenticator.

adarazs avatar May 10 '22 11:05 adarazs
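As an added example (not Moolticute code and not part of this issue), the script below does what a client could do before storing a pasted secret: decode the base32 string, report the decoded key length, and flag when the input exceeds a character limit instead of silently truncating it. The 72-character limit is the one the report describes; the 205-character secret is constructed for the example and is not a real site's secret. It also shows the relevant HMAC property from RFC 2104: HMAC-SHA1 hashes any key longer than its 64-byte block size down to a 20-byte digest, so a 128-byte key and its SHA-1 digest produce identical TOTP codes.

```python
"""Check a base32 TOTP secret before storing it (added example, not project code)."""
import base64
import hashlib
import hmac
import struct

CHAR_LIMIT = 72       # input-field limit described in the report (assumption for this example)
SHA1_BLOCK_SIZE = 64  # HMAC-SHA1 block size; longer keys are first hashed to 20 bytes (RFC 2104)

# Constructed sample: 205 base32 characters = 1025 bits -> 128 bytes after decoding.
SAMPLE_SECRET_B32 = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567" * 7)[:205]


def decode_base32_secret(secret: str) -> bytes:
    """Decode a base32 secret the way authenticator apps do:
    tolerate spaces, lower case and missing '=' padding."""
    s = secret.strip().replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def check_secret(secret: str, char_limit: int = CHAR_LIMIT) -> dict:
    """Facts a UI could warn about instead of truncating the paste."""
    key = decode_base32_secret(secret)
    return {
        "chars": len(secret),
        "key_bytes": len(key),
        "exceeds_limit": len(secret) > char_limit,
        # Beyond 64 bytes HMAC-SHA1 replaces the key with SHA1(key): 20 effective bytes.
        "hashed_by_hmac": len(key) > SHA1_BLOCK_SIZE,
    }


def hmac_effective_key(key: bytes) -> bytes:
    """The key material HMAC-SHA1 actually uses (RFC 2104 section 2)."""
    return hashlib.sha1(key).digest() if len(key) > SHA1_BLOCK_SIZE else key


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 with RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    print(check_secret(SAMPLE_SECRET_B32))
    full = decode_base32_secret(SAMPLE_SECRET_B32)
    truncated = decode_base32_secret(SAMPLE_SECRET_B32[:CHAR_LIMIT])
    t = 1_700_000_000  # constructed timestamp
    print("full key  :", totp(full, t))
    print("truncated :", totp(truncated, t), "<- what a silently truncated paste would produce")
    # A 128-byte key and its 20-byte SHA-1 digest yield the same code.
    print("same as SHA1(key):", totp(full, t) == totp(hmac_effective_key(full), t))
```

Running the check on the sample reports 205 characters, 128 decoded bytes and `exceeds_limit: True`, which is the warning the report asks for. The last line of the script shows why the extra length buys nothing: the code computed with the full 128-byte key equals the code computed with its 20-byte SHA-1 digest, because HMAC performs that reduction itself.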

a 128bytes long secret... damn.

limpkin avatar May 10 '22 11:05 limpkin

a 128bytes long secret... damn.

Yeah, I don't even advocate strongly to implement this, as a 128 byte key is a waste of storage space and the use of this silly long key just demonstrates the lack of understanding of how much shared secret is even meaningful in this scenario.

This is more of a report that such a thing exists. It is better to know that it can cause issues and people might run into it. Maybe adding a warning to the UI is enough that the key is too long?

adarazs avatar May 10 '22 13:05 adarazs

linked to https://github.com/mooltipass/moolticute/issues/1045

limpkin avatar Mar 12 '23 10:03 limpkin

To avoid using 128 bytes reserved for every TOTP secret, you could link the second half to another memory location and use a flag to signal the larger size is used and build the key from all memory locations. This principle could be extended to reduce the default size to the standard 16 bytes (128 bits) and the flag could be a 1 byte size indicator.

ChrisGuyML avatar Aug 24 '23 17:08 ChrisGuyML