[Cryptography] Extracting TOTP credentials

John Levine johnl at iecc.com
Mon Feb 17 20:21:53 EST 2020


In article <3CAFE00D-192A-43AD-9FF2-F14A68E0D87F at flownet.com> you write:
>the key is provided as a sequence of seven four-digit alphanumeric sequences

>Never mind, I figured it out.  The alphanumeric sequences ARE the token, you just have to cram them all together and then
>base32-decode them.  I didn’t think this was the case because I wasn’t expecting the token to be that long.  The token turns
>out to be 160 bits which seems like a ridiculous amount of overkill to me.  But what do I know?

Gmail's tokens are 8 four-character groups, Amazon's are 13.  Only 7?  How strangely weak.
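
The join-then-base32-decode step discussed in this thread, as an added example that is not part of the original message: it strips the display separators, restores the omitted padding, reports the decoded key length for a given number of four-character groups, and derives a code per RFC 6238. The function names are made up for illustration, and the sample secret is constructed from the RFC 6238 test key (ASCII "12345678901234567890"), not taken from any real account.

```python
import base64
import hashlib
import hmac
import struct


def decode_grouped_secret(grouped: str) -> bytes:
    """Join the displayed groups and base32-decode them into the raw HMAC key."""
    # Drop the separators used only for display; base32 is upper-case.
    joined = "".join(ch for ch in grouped if ch not in " -\t\n").upper()
    # b32decode requires a length that is a multiple of 8, so restore the '='
    # padding that enrollment screens leave out. Lengths that cannot occur in
    # valid base32 (1, 3 or 6 characters mod 8) still raise binascii.Error.
    joined += "=" * (-len(joined) % 8)
    return base64.b32decode(joined)


def key_bits(grouped: str) -> int:
    """Length in bits of the decoded key (whole bytes only)."""
    return 8 * len(decode_grouped_secret(grouped))


def totp(key: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 and the RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


# Constructed samples: the RFC 6238 test key shown as 8 groups, and the same
# string cut to 7 groups, lower-cased and dash-separated.
EIGHT_GROUPS = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"
SEVEN_GROUPS = "gezd-gnbv-gy3t-qojq-gezd-gnbv-gy3t"

if __name__ == "__main__":
    for label, secret in (("8 groups", EIGHT_GROUPS), ("7 groups", SEVEN_GROUPS)):
        print(label, key_bits(secret), "bits")
    print(totp(decode_grouped_secret(EIGHT_GROUPS), 59, digits=8))
```

Each base32 character carries 5 bits, so a group of four carries 20; when the total is not a multiple of 8 bits, the trailing partial byte is dropped on decode.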




