Re: OTP broken?
Dieter Klünter wrote:
Am Sat, 7 Nov 2015 14:33:22 +0100
schrieb Michael Ströder <michael(a)stroeder.com>:
> Dieter Klünter wrote:
>> 6. added credentials by ldappasswd
>> userPassword::
>> e1RPVFAxfU5CVUVJNktFSk1ZRENOQlRHSTJUTVFLQ0lOQ0E9PT09
>
> I have not really tried the module myself yet but I note that the key
> is actually 21 bytes long (see below). Shouldn't that be 20 bytes?
>
> Python 2.7.10 (default, May 24 2015, 14:46:10) [GCC] on linux2
>>>>
'e1RPVFAxfU5CVUVJNktFSk1ZRENOQlRHSTJUTVFLQ0lOQ0E9PT09'.decode('base64')
> '{TOTP1}NBUEI6KEJMYDCNBTGI2TMQKCINCA===='
>>>> s='NBUEI6KEJMYDCNBTGI2TMQKCINCA===='.decode('base64')
>>>> len(s)
> 21
The TOTP1 string is base32 encoded, not base64.
If it's sent to the Google Authenticator the base32-encoded form is appended
to the totp:// URL. And looking at slapd-totp.c it seems you're also right
regarding the storage format in 'userPassword':
/* Key is stored in base32 */
But still 17 bytes look strange to me:
Python 2.7.10 (default, May 24 2015, 14:46:10) [GCC] on linux2
>> import base64
>> base64.b32decode('NBUEI6KEJMYDCNBTGI2TMQKCINCA====')
'hhDyDK0143256ABCD'
>>
len(base64.b32decode('NBUEI6KEJMYDCNBTGI2TMQKCINCA===='))
17
What's the correct length of your shared secret?
Ciao, Michael.
Attachments:
- smime.p7s (application/pkcs7-signature — 4.1 KB)