Giter Site home page Giter Site logo

akanass / rx-otp Goto Github PK

View Code? Open in Web Editor NEW
77.0 5.0 9.0 556 KB

HMAC-based (HOTP) and Time-based (TOTP) One-Time Password manager. Works with Google Authenticator for Two-Factor Authentication.

License: MIT License

Makefile 0.36% JavaScript 0.14% TypeScript 99.50%
otp hotp totp google-authenticator qrcode-generator u2f two-factor-authentication observable rxjs7

rx-otp's People

Contributors

akanass avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar

Forkers

yilab brunophilipe quickserver amreeshtyagi gcochard deltasource barockok wwprootor michaelvalasanyan

rx-otp's Issues

browserify version of jsopt

function hotp(key, count, digitLength,algimType) {
if(!algimType){
algimType='SHA-1';
}
var shaObj = new jsSHA(algimType, "HEX");
shaObj.setHMACKey(key, "TEXT");
count =count.toString(16);
if(count.length<16){
var tmpZero='0';
count=tmpZero.repeat(16-count.length)+count;
}
shaObj.update(count);
var hash = shaObj.getHMAC("HEX");
var offset = Math.abs(parseInt(hash.substr(38, 2), 16));
offset = (offset & 0x0F)*2;
var trucateValue = "0x" + hash.substr(offset, 8);
trucateValue = Math.abs(parseInt(trucateValue)) & 0x7FFFFFFF;
if (!digitLength || digitLength <= 0 || digitLength > 6) {
digitLength = 6;
}
var hotpValue=(trucateValue % (Math.pow(10 , digitLength))).toString();
var lengthDiff=digitLength-hotpValue.length;
if(lengthDiff){
var tmpZero='0';
hotpValue=tmpZero.repeat(lengthDiff)+hotpValue;
}
return hotpValue;
}

function totp(key, timeStampDifference, stepLength, digitLength,algimType) {
    if(!stepLength){
        stepLength=30*1000;
    }
    return hotp(key, Math.floor(timeStampDifference / stepLength), digitLength);
}

and about the jsSHA,you can find it by google 'jsSHA'

Serious failure in verification

Hey

Unless i'm hugely missing something, ร™2F.verifyOTP seems to have a significant flaw..

For example, with a base32_key of VALN YFSX VQNO DANY L3HQ AENO 5FKY 4FMV, U2F.verifyOTP accepts a valid code from my authenticator but it also accepts a low digit, such as 1, 2 or 3, with a delta between -1 and 1.

This doesn't seem to match the behaviour of other online TOTP validators.

After verifying one valid code with GA, all other subsequent verifications also return true for the same secret. 

var check = OTP.googleAuthenticator.verify('123456', '0123456789ABCD', 2); // wrong code, returns null
var check = OTP.googleAuthenticator.verify('654321', '0123456789ABCD', 2); // right code, returns delta=0
// call after 10 seconds
var check = OTP.googleAuthenticator.verify('654321', '0123456789ABCD', 2); // right code, returns delta=0
// call after 30 seconds
var check = OTP.googleAuthenticator.verify('654321', '0123456789ABCD', 2); // right code, returns delta=0
// call after 5 minutes
var check = OTP.googleAuthenticator.verify('654321', '0123456789ABCD', 2); // right code, returns delta=0
// etc...

I found that manually setting the timestamp on GoogleAuthnticator.js line 248 fixes the problem, like so:

// before:
return TOTP.verify(_token, {string:self.decode(_secret)}, {window:_window});
// after:
return TOTP.verify(_token, {string:self.decode(_secret)}, {window:_window, timestamp: new Date().getTime()});

I believe it is being caused by joi caching the value of timestamp.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.