-
Notifications
You must be signed in to change notification settings - Fork 446
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ROTP::Base32 doesn't properly handle padding #29
Comments
Actually we use a custom version of Base32 on purpose. The Base32 decoder on the most popular 2FA application (Google Authenticator) is a bit wonky. For example, it silently discards extra bits on a Base32 string thats padded - https://code.google.com/p/google-authenticator/source/browse/src/com/google/android/apps/authenticator/Base32String.java?repo=android#101 There's no easy way to go back and fix this. |
Odd. What's your suggested workaround then for non-random base32 secrets that result in padding? Just drop the |
So because it's non-standard, I'd actually stick to secret lengths that are multiples of 8. For example, Google uses 16 characters, which works regardless of Base32 behavior. So if another popular 2FA application comes up and handles it differently, they'll both work. Dropbox however uses 20 characters without padding that results in bits being dropped on Google Authenticator. For perfect future proofing, just use 16 or 24 characters and you should be fine. |
Sorry, just realized you said non-random. I'd find a way to make sure it's always 16 or 24 characters long, deterministically. Off the top of my head, I'd generate a SHA-256. Take the first 24 bytes, then generate a character from Base32 for each one. Something like Base32Chars[byte % 32]. Since 256 is evenly divisible by 32, you don't need to worry about a bias. Hope that helps |
Padding using
=
is supported by RFC3548.Example:
The text was updated successfully, but these errors were encountered: