Change 2FA to use hostname as issuer (fixes #4518) #4525

Nutomic · 2024-03-11T09:30:01Z

Im not sure if this is backwards compatible with existing 2FA tokens or if this is a breaking change.

dullbananas · 2024-03-11T12:37:55Z

Probably backwards compatible because totp_rs appears to only use the secret when signing timestamps, but I might be wrong

dessalines · 2024-03-11T15:37:03Z

That sounds right, AFAIK the issuer name is only to help you add it to your TOTP client.

I'm not sure, because it looks like even the check_totp_2fa_valid function requires you to rebuild the TOTP with the issuer name.

@constantoine does a TOTP check require a correct issuer name?

constantoine · 2024-03-11T15:50:12Z

@dessalines issuer is only useful for generating the URI that will be scanned by the TOTP Client, and is used for disambiguation purposes

The only thing used for a check is indeed the secret key (and timestamp), so this will not affect token generation in any way

dessalines · 2024-03-11T20:26:11Z

Sweet, thx!

Nutomic requested review from dessalines, phiresky and dullbananas as code owners March 11, 2024 09:30

Nutomic force-pushed the totp-hostname branch from cd34434 to 5d1c568 Compare March 11, 2024 10:19

Change 2FA to use hostname as issuer (fixes #4518)

bb3017e

Nutomic force-pushed the totp-hostname branch from 5d1c568 to bb3017e Compare March 11, 2024 10:20

dessalines approved these changes Mar 11, 2024

View reviewed changes

dessalines merged commit 5d361d6 into main Mar 11, 2024
2 checks passed

Provide feedback