maemo.org - Talk - View Single Post

dovf	2013-05-17 , 08:46
Posts: 31 \| Thanked: 44 times \| Joined on Jun 2010	#7

Originally Posted by drifter

I am unable to get dovf's method to auth for 3rd party sites using the instructions provided (to the tee). It is producing incorrect validation codes.

When I first started using otpn900, I had a problem which turned out to be that I was converting to base32 incorrectly. As explained at [1], "the Base32 encoding scheme defined by RFC 4648 is not the same as base-32 mathematical notation (because the encoding avoids easy-to-confuse characters like I and O)". Once I performed the conversion correctly, it works well.

One way to perform this conversion on linux is using oathtool (this example uses the key in otpn900's google authenticator tutorial):

Code:

$ oathtool --totp -v -b cgpqe4sh4iqtzrgv

which produces the output

Code:

Hex secret: 119f027247e2213cc4d5
Base32 secret: CGPQE4SH4IQTZRGV
Digits: 6
Window size: 0
Step size (seconds): 30
Start time: 1970-01-01 00:00:00 UTC (0)
Current time: 2013-05-17 08:39:07 UTC (1368779947)
Counter: 0x2B8328E (45625998)

"Hex secret" is the input you need to give otpn900.

Hope this helps!

[1] http://zaitcev.livejournal.com/214579.html

Quote & Reply |