otp icon indicating copy to clipboard operation
otp copied to clipboard

Published 20 hours ago verified publisher icon naim94a

`HOTP::from_base32` does not support 16 chars.

Open cathay4t opened this issue 5 years ago • 3 comments

Both github and M$ are using 16 chars base32 secret.

I tried to append \0 to the &[u8] when using HOTP::from_bin, still no luck.

Do you know how to fix it?

cathay4t avatar Dec 25 '19 14:12 cathay4t

It sounds like the secret is in it's text form, from_bin accepts the secret in it's binary form. Try using HOTP::from_base32 on the textual secret.

Most services, including Github, MS, Google, etc... use TOTP. You may want to try using the totp/validate_totp functions...

If this doesn't resolve your issue, please attach a snippet of your code.

naim94a avatar Dec 25 '19 16:12 naim94a 

extern crate libotp;

use libotp::{HOTP, TOTP};

fn get_token(key: &str) -> String {
    format!(
        "{:06}",
        TOTP::new(HOTP::from_base32(key).unwrap(), 30, 0).get_otp(6, 0)
    )
}

fn main() {
    println!("{}", get_token("AAA234567AABCDEF"))
}

As comparison to pyotp

python -c 'import pyotp; print(pyotp.TOTP("AAA234567AABCDEF").now())'

The problem is ring::hmac does not support HMAC-MD5 in rust while python does:

python -c 'import hmac; print(hmac.new("AAA234567AABCDEF".encode("utf-8")).name)'

cathay4t avatar Dec 27 '19 04:12 cathay4t

I have ported my code to python which works well.

If you don't want investigate on this, feel free to close this.

cathay4t avatar Dec 27 '19 05:12 cathay4t