[Cryptography] Extracting TOTP credentials

Ron Garret ron at flownet.com
Mon Feb 17 17:29:34 EST 2020


On Feb 15, 2020, at 5:26 AM, Ron Garret <ron at flownet.com> wrote:

> I use a client-provided VPN that requires a TOTP token.  I had been using Authy to store and deploy these tokens but recently decided that Authy is no longer trustworthy so I decided to write my own implementation of TOTP.  The problem I’m having now is that I don’t actually know how to extract the TOTP token from the provisioning system.  The TOTP standard calls for the token to be provided in base32 format but that is not what Authy uses (which is one of the many reasons I want to ditch it).  Instead, the key is provided as a sequence of seven four-digit alphanumeric sequences, similar to a Microsoft software license key.  Does anyone here know how to convert one of these to a standard TOTP key?

Never mind, I figured it out.  The alphanumeric sequences ARE the token, you just have to cram them all together and then base32-decode them.  I didn’t think this was the case because I wasn’t expecting the token to be that long.  The token turns out to be 160 bits which seems like a ridiculous amount of overkill to me.  But what do I know?

rg
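
The conversion described in this message, as an added example that is not part of the original post: join the displayed groups, base32-decode them, and use the bytes as the key for RFC 6238 TOTP. The function names, the constructed sample (the RFC 6238 test secret, not a real credential), and the HMAC-SHA1, 30-second, 6-digit defaults are assumptions.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample: the RFC 6238 test secret (ASCII "12345678901234567890"),
# base32-encoded and split into four-character groups the way a provisioning
# page might display it. Not a real credential.
SAMPLE_GROUPS = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"


def groups_to_key(displayed: str) -> bytes:
    """Join the displayed groups and base32-decode them into the raw HMAC key."""
    # Drop spaces, hyphens and any other separators; base32 is case-insensitive.
    joined = "".join(ch for ch in displayed if ch.isalnum()).upper()
    # b32decode needs a length that is a multiple of 8; restore stripped '='.
    joined += "=" * (-len(joined) % 8)
    return base64.b32decode(joined)


def totp(key: bytes, at: float, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP using HMAC-SHA1 and the RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", int(at) // step)       # 8-byte big-endian time step
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                            # low nibble picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    key = groups_to_key(SAMPLE_GROUPS)
    print(len(key) * 8, "bit key; current code:", totp(key, time.time()))
```

The 160-bit length matches the HMAC-SHA1 output size, which is the shared-secret length RFC 4226 recommends.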


