[Cryptography] Extracting TOTP credentials
John Levine
johnl at iecc.com
Mon Feb 17 20:21:53 EST 2020
In article <3CAFE00D-192A-43AD-9FF2-F14A68E0D87F at flownet.com> you write:
>the key is provided as a sequence of seven four-digit alphanumeric sequences
>Never mind, I figured it out. The alphanumeric sequences ARE the token, you just have to fram them all together and then
>base32-decode them. I didnt think this was the case because I wasnt expecting the token to be that long. The token turns
>out to be 160 bits which seems like a ridiculous amount of overkill to me. But what do I know?
Gmail's tokens are 8 four-character groups, Amazon's are 13. Only 7? How strangely weak.
More information about the cryptography
mailing list