Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
flocke2615yYeah, the HOTP RFC, on which TOTP is based as well actually allows for a variable length of the token. 6 is just recommended as the minimal value, I assume that's why it is used everywhere.
-
C0D4681385y@Abrynos maybe at a point where I'm not messing around with it anymore and looking to make it production viable.
Otherwise the RFC isn't too complicated if you've worked with base32 algos before.
Best doc I came across in my journeys last night which got me to the secret key/code
https://github.com/google/...
Still need to do the verification side of it.
If you use googles charts to generate a QR code, url encode the otpauth:// part. -
C0D4681385yOk, so implementing the 8 digit code is not a good idea.
Android and blackberry ignore the digits part and just generates 6, which makes sense.... not.
Not even google follow the RFC π€¦βοΈ
Fuck my duck!
Back to 6 I go.
Hell I probably can't use huge base32 seeds either on other devices.
Related Rants
So here I am, skrewing around with the Google Authenticator app and the dodgiest base32 code generator I've ever built and generating a 56 char unique ID, and a 8 digit time based code.
WTF, all these products, services and logins that use 6 digit codes... and this fucking thing can handle 8 without breaking π
Now... to hook it into a QR code class... and spit out an image I can actually scan, without calling google charts api.
I can't say I've written one of those before π
rant
acme
otp
php muahahahaha
8 digit codes
base32
my name ain't john
google authenticator