sha256/sha512 secret buffer size #77
Conversation
…-time passcode to work correctly
index.js
Outdated
| secret_buffer_size = 32; // 32 bytes | ||
| } else if (algorithm === 'sha512') { | ||
| secret_buffer_size = 64; // 64 bytes | ||
| } else { |
There was a problem hiding this comment.
This case should check for sha1. The default case should warn when an unsupported algorithm is given; the crypto module accepts algorithms not officially supported by the spec. Throwing an exception would be safer, but would restrict usage. Thoughts?
There was a problem hiding this comment.
sha1 is not explicit rather than implied, also added a test for not throwing an error for unofficial algorithms
index.js
Outdated
| @@ -40,6 +40,16 @@ exports.digest = function digest (options) { | |||
| if (encoding === 'base32') { secret = base32.decode(secret); } | |||
| secret = new Buffer(secret, encoding); | |||
| } | |||
| // pad the buffer to the correct size be repeating the secret | |||
| var secret_buffer_size; | |||
There was a problem hiding this comment.
Initialize this variable to 0 or similar for 'no padding'.
There was a problem hiding this comment.
I now handle a no padding state
index.js
Outdated
| } else { | ||
| secret_buffer_size = 20; // 20 bytes | ||
| } | ||
| secret = new Buffer(Array(secret_buffer_size).join(secret.toString('hex')).substr(0, secret_buffer_size * 2), 'hex'); |
There was a problem hiding this comment.
For efficiency, when padding is not needed, this code should not run.
There was a problem hiding this comment.
This step is only performed if the secret_buffer_size is now different from the secret.length
2 similar comments
…epeat the key rather than the end user
|
Super, thank you for the quick update! |
The secret buffer needs to be repeated to the proper size for the one-time passcode to work correctly. Resolves issue #76