Learn More
Resend Email
26
C0D4
5y

So here I am, skrewing around with the Google Authenticator app and the dodgiest base32 code generator I've ever built and generating a 56 char unique ID, and a 8 digit time based code.

WTF, all these products, services and logins that use 6 digit codes... and this fucking thing can handle 8 without breaking πŸ˜‘

Now... to hook it into a QR code class... and spit out an image I can actually scan, without calling google charts api.

I can't say I've written one of those before πŸ™ƒ

rant

acme

otp

php muahahahaha

8 digit codes

base32

my name ain't john

google authenticator
Favorite
Ranter
Comments
  • 2
    5y
    Do you have any links to documentation for this?
  • 5
    5y
    Yeah, the HOTP RFC, on which TOTP is based as well actually allows for a variable length of the token. 6 is just recommended as the minimal value, I assume that's why it is used everywhere.
  • 4
    5y
    @Abrynos maybe at a point where I'm not messing around with it anymore and looking to make it production viable.

    Otherwise the RFC isn't too complicated if you've worked with base32 algos before.

    Best doc I came across in my journeys last night which got me to the secret key/code
    https://github.com/google/...

    Still need to do the verification side of it.

    If you use googles charts to generate a QR code, url encode the otpauth:// part.
  • 3
    5y
    @ewpratten ^^
  • 2
    5y
    @C0D4 thanks
  • 2
    5y
    Ok, so implementing the 8 digit code is not a good idea.
    Android and blackberry ignore the digits part and just generates 6, which makes sense.... not.

    Not even google follow the RFC 🀦‍♂️
    Fuck my duck!

    Back to 6 I go.
    Hell I probably can't use huge base32 seeds either on other devices.
Related Rants
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment