Hi!

I have some issues where the verification seems to pass randomly when it should fail.

Here's a minimal script to show this issue:

# frozen_string_literal: true

require "bundler/inline"

gemfile(true) do
  source "https://rubygems.org"

  git_source(:github) { |repo| "https://github.com/#{repo}.git" }

  gem "rotp"
  gem "pry"
end

class Foobar
  DRIFT = 60
  INTERVAL = 60

  attr_accessor(:key, :proof)

  def initialize
    @key = ROTP::Base32.random_base32
  end

  def generate_proof(time)
    @proof = totp_generator.at(time)
  end

  def verify_proof(time)
    !totp_generator.verify(proof, drift_behind: DRIFT, drift_ahead: DRIFT, at: time).nil?
  end

  def totp_generator
    @totp_generator ||= ROTP::TOTP.new(
      key,
      interval: INTERVAL,
      digits: 3,
      digest: "SHA256"
    )
  end
end

drift = 60 # seconds
interval = 60 # seconds
1000.times do
  # Align time at start of interval
  time = Time.at((Time.now.to_f / interval).floor * interval)
  foobar = Foobar.new

  foobar.generate_proof(time)

  raise "SHOULD BE FALSE" if foobar.verify_proof(time - drift - 2)
  raise "SHOULD BE TRUE" unless foobar.verify_proof(time - drift)
  raise "SHOULD BE TRUE" unless foobar.verify_proof(time)
  raise "SHOULD BE TRUE" unless foobar.verify_proof(time + interval + drift - 1)
  raise "SHOULD BE FALSE" if foobar.verify_proof(time + interval + drift)

  puts("All good")
end

Now, it most often fails on the last raise here. I first thought it might be some kind of small timing issue so I added even more time to it to make sure it fails, like this:

foobar.verify_proof(time + interval + drift + 1000)

It still passes sometimes, which seems very odd to me!

Is there a bug in here or am I doing something wrong? 🤔

Why doesn't the Base32 decode function handle padding?

This doesn't work:

2.2.0 :012 > totp = ROTP::TOTP.new Base32.encode("dntqoaxas7rvtfuf")
 => #<ROTP::TOTP:0x007fdd4d062458 @interval=30, @issuer=nil, @digits=6, @digest="sha1", @secret="MRXHI4LPMF4GC4ZXOJ3HIZTVMY======">
2.2.0 :013 > totp.now
ROTP::Base32::Base32Error: Invalid Base32 Character - '='
    from /Users/bjohnson/.rvm/gems/ruby-2.2.0/gems/rotp-2.1.0/lib/rotp/base32.rb:43:in `decode_quint'
    from /Users/bjohnson/.rvm/gems/ruby-2.2.0/gems/rotp-2.1.0/lib/rotp/base32.rb:28:in `block in decode_block'
    from /Users/bjohnson/.rvm/gems/ruby-2.2.0/gems/rotp-2.1.0/lib/rotp/base32.rb:28:in `each_char'
    from /Users/bjohnson/.rvm/gems/ruby-2.2.0/gems/rotp-2.1.0/lib/rotp/base32.rb:28:in `each'
    from /Users/bjohnson/.rvm/gems/ruby-2.2.0/gems/rotp-2.1.0/lib/rotp/base32.rb:28:in `map'
    from /Users/bjohnson/.rvm/gems/ruby-2.2.0/gems/rotp-2.1.0/lib/rotp/base32.rb:28:in `decode_block'
    from /Users/bjohnson/.rvm/gems/ruby-2.2.0/gems/rotp-2.1.0/lib/rotp/base32.rb:10:in `block in decode'
    from /Users/bjohnson/.rvm/gems/ruby-2.2.0/gems/rotp-2.1.0/lib/rotp/base32.rb:9:in `each'
    from /Users/bjohnson/.rvm/gems/ruby-2.2.0/gems/rotp-2.1.0/lib/rotp/base32.rb:9:in `decode'
    from /Users/bjohnson/.rvm/gems/ruby-2.2.0/gems/rotp-2.1.0/lib/rotp/otp.rb:52:in `byte_secret'
    from /Users/bjohnson/.rvm/gems/ruby-2.2.0/gems/rotp-2.1.0/lib/rotp/otp.rb:26:in `generate_otp'
    from /Users/bjohnson/.rvm/gems/ruby-2.2.0/gems/rotp-2.1.0/lib/rotp/totp.rb:29:in `now'

But this works?

2.2.0 :014 > totp = ROTP::TOTP.new Base32.encode("dntqoaxas7rvtfuf").gsub(/=/, '')
 => #<ROTP::TOTP:0x007fdd4d045268 @interval=30, @issuer=nil, @digits=6, @digest="sha1", @secret="MRXHI4LPMF4GC4ZXOJ3HIZTVMY">
2.2.0 :015 > totp.now
 => "907944"

P.S.

Why is the Base32 decode hand rolled? Why not use the standard library?

Thanks!

I am using HOTP for the counter based verification and I want to use drift_behind, drfit_ahead and at to verify HOTP and it looks like there is no option to set those.

Is there any reason for not including those in HOTP? Is OTP generated through HOTP never expires?

Hey Guys,

I am generating an OTP in one API call and verifying it in a separate call, but this doesn't seem to work properly. I have tried this by passing correct as well as wrong values but result is same. Maybe I am missing something or this shouldn't be used this way.

# 1st API call
otp = ROTP::TOTP.new('base32secret3232', issuer: 'MyApp', interval: 180)

Now we will use this OTP in a separate call to verify it.

# 2nd API call
otp = ROTP::TOTP.new('base32secret3232')
verified_otp_at = otp.verify(params[:otp]) # this produces nil

I believe the commit that should be tagged is: 62874be

would you mind adding a tag so I compare between the v6.1.0 tag and the v6.2.0 tag easily?

Hey there,

I currently have ROTP 1.4.1 locked in the Gemspec for jaredonline/google-authenticator because bumping above that breaks my specs. I'm assuming it has to do with the Base64 encoding changes made in 1.4.5/1.4.6.

I figure I'll make the appropriate changes in my app, but wanted to know if this will cause backward incompatibility for users of the GoogleAuthenticatorRails gem.

Any insight would be helpful!

Hello,

I am in a situation that requirements are specifically asked for 4-digit OTP. Is there any possibility to generate 4-digit or any specific length OTP?

Your guidance will be much appreciated.

I recently had to add a new code. This one was much longer than the others. I found that mdp/rotp was giving a different code than Google Authenticator. I tested with the CLI and found that it was being handled correctly via oathtool but not via rotp:

This is correct:

oathtool --totp -v -b IFADSABWAA2AAMAAHFAFCABRAAWQAQIAIFADOABXAAWQANAAG4ADOACDAAWQAQQAIYAFIACFAAWQARIAGQAFFABVAA3AANIAHAAFIABYAAYAAQYAIMAA

Hex secret: 414039003600340030003940510031002d0041004140370037002d0034003700370043002d0042004600540045002d00450034005280350036003500380054003800300043004300
Base32 secret: IFADSABWAA2AAMAAHFAFCABRAAWQAQIAIFADOABXAAWQANAAG4ADOACDAAWQAQQAIYAFIACFAAWQARIAGQAFFABVAA3AANIAHAAFIABYAAYAAQYAIMAA====
Digits: 6
Window size: 0
Step size (seconds): 30
Start time: 1970-01-01 00:00:00 UTC (0)
Current time: 2019-05-09 15:47:06 UTC (1557416826)
Counter: 0x31824A6 (51913894)

861917

Run at the same time, this produces a different code:

puts ROTP::TOTP.new('IFADSABWAA2AAMAAHFAFCABRAAWQAQIAIFADOABXAAWQANAAG4ADOACDAAWQAQQAIYAFIACFAAWQARIAGQAFFABVAA3AANIAHAAFIABYAAYAAQYAIMAA').now
# 413689

I'm using the latest version of mdp/rotp and ruby 2.4.1. What am I doing wrong?

The key uri format documents indicate that the algorithm should be populated especially if it's not 'SHA1'. The algorithm is currently never populated.

https://github.com/google/google-authenticator/wiki/Key-Uri-Format

When using google authenticator which only supports SHA1 this is not an issue, but for users not using google authenticator, the missing algorithm makes it harder to share the secret.

The fix is a one-liner in the #provisioning_uri method (https://github.com/mdp/rotp/blob/master/lib/rotp/totp.rb#L85) when building the params hash.

params {
...
algorithm: digest.upcase == 'SHA1' ? nil : digest.upcase,
...
}

Let me know if you need a PR for that.

Hi I am using "active_model_otp" gem and that uses internally "rotp" gem. As per the active_model_otp gem default code it should be generating 6 digit code. While I am doing extensive testing, I that found many times 3 or 4 digit code is getting generated.
And then it fails in VERIFY section. It is causing alot of trouble. Infact the developer of active_model_otp has also implemented PADDING by default but still it is not doing any padding and I am still getting 3 digit code.

For reference here is the link where I have posted question on active_model_otp
heapsource/active_model_otp#12

https://github.com/heapsource/active_model_otp/blob/4ec7c5686211be6cf9a08dc022c69ca7eddf077a/lib/active_model/one_time_password.rb#L24

https://github.com/heapsource/active_model_otp/blob/4ec7c5686211be6cf9a08dc022c69ca7eddf077a/lib/active_model/one_time_password.rb#L41

Thanks
Shivani

The README references "HOTP" and links to the draft which became "TOTP RFC 6238".

Can you clarify which time-based RFC is implemented? Does the README require updating?

After upgrading to Ruby version 2.7.2 I get the following notice when running rails test

/Users/fydelio/.rvm/gems/ruby-2.7.2/gems/rotp-2.1.2/lib/rotp/totp.rb:56: warning: URI.escape is obsolete

The API has gotten a bit verbose with non-breaking changes. For 4.0 I'd like to simplify it a bit more.

totp = ROTP::TOTP.new 'wrn3pqx5uqxqvnqr'
totp.verify(code, {drift: 30, prior: 0, at: Time.now }) #=> timestamp

Thoughts and ideas?

Hello!

otp = ROTP::TOTP.new(secret).now
...
rotp = ROTP::TOTP.new(secret)
rotp.verify_with_drift_and_prior(otp, 30, last_verify_at) => true

When I logout and try to login within 30 seconds I get error because otp was verified already. And I have to wait 0-30 seconds to try with new otp.

Is it possible to do ROTP::TOTP.new(secret).now to generate new value that would be valid with rotp.verify_with_drift_and_prior(otp, 30, last_verify_at)?

I am trying to follow the installation instructions on verifying OTP tokens that have not been used already, using the suggested method totp.verify_with_drift_and_prior (as described in the README) but it doesn't work and I can't find the method in the gem's codebase.

Is this method in some new branch? I'm using v3.1.0 of the gem.

Cheers, Dan

There is a slight bias in secrets generated using random_base32 due to the use of modulous. The bias is quite small and unlikely to be exploitable, but for piece of mind generated secrets should be as random as possible.

Additional Information

• https://stackoverflow.com/questions/10984974/why-do-people-say-there-is-modulo-bias-when-using-a-random-number-generator
• http://ericlippert.com/2013/12/16/how-much-bias-is-introduced-by-the-remainder-technique/

just show the code & error msg (mac osx 10.8 & rvm) & irb

require 'rotp'
hotp = ROTP::HOTP.new("base32secretkey3232")
hotp.at(0)

NoMethodError: undefined method `>>' for nil:NilClass
from /home/.rvm/gems/ruby-1.9.3-p392/gems/rotp-1.4.4/lib/rotp/base32.rb:31:in `decode_block'
from /home/.rvm/gems/ruby-1.9.3-p392/gems/rotp-1.4.4/lib/rotp/base32.rb:9:in `block in decode'
from /home/.rvm/gems/ruby-1.9.3-p392/gems/rotp-1.4.4/lib/rotp/base32.rb:8:in `each'
from /home/.rvm/gems/ruby-1.9.3-p392/gems/rotp-1.4.4/lib/rotp/base32.rb:8:in `decode'
from /home/.rvm/gems/ruby-1.9.3-p392/gems/rotp-1.4.4/lib/rotp/otp.rb:49:in `byte_secret'
from /home/.rvm/gems/ruby-1.9.3-p392/gems/rotp-1.4.4/lib/rotp/otp.rb:26:in `generate_otp'
from /home/.rvm/gems/ruby-1.9.3-p392/gems/rotp-1.4.4/lib/rotp/hotp.rb:8:in `at'
from (irb):3
from /home/.rvm/rubies/ruby-1.9.3-p392/bin/irb:16:in `<main>'

& it can be use base32 gem?

Thanks

Thank you for user create marvelous gem.

Proposal

I think the backup code feature is useful, so suggest implementing the backup code function.

I'm tried the "Counter based OTP's" example on Ruby 2.4.1 and got vastly different results. I just added a puts in front of each line, so that I can see the output:

require 'rubygems'
require 'rotp'

hotp = ROTP::HOTP.new("base32secretkey3232")
puts hotp.at(0) # => "260182"
puts hotp.at(1) # => "055283"
puts hotp.at(1401) # => "316439"

# OTP verified with a counter
puts hotp.verify("316439", 1401) # => true
puts hotp.verify("316439", 1402) # => false

Output:

786922
595254
259769
false
false

For me, I get "259769" for hotp.at(1401).
Maybe you want to update your example.

Tested this on:
Ruby version: ruby 2.4.1p111 (2017-03-22 revision 58053) [x86_64-darwin16]
ropt: 3.3.0

Google Authenticator provides the option to manually enter a 16-digit key as opposed to scanning the QR code. The "secret" field in the provisioning uri is much longer than 16 digits, so that's not it...I've spent hours Googling and pawing through source code and can't find an answer to this seemingly straightforward question - hoping you can be of help.

It would be useful if there was a counter retry function built into the HOTP method, in which case the successful counter value would be returned like so:

# current
# OTP verified with a counter
hotp.verify(316439, 1401) # => true
hotp.verify(316439, 1402) # => false

# proposed
RETRIES = 20
hotp.verify(316439, 1390, RETRIES) # => 1401  (the counter value that succeeded)
hotp.verify(316439, 1380, RETRIES) # => false

Hi Team,
we are facing issue while trying to call otp_code method.

$gem_library_root/vendor/bundle/ruby/2.3.0/gems/rotp-4.1.0/lib/rotp/totp.rb:17
$gem_library_root/vendor/bundle/ruby/2.3.0/gems/active_model_otp-1.2.0/lib/active_model/one_time_password.rb:77

as far as I dig into, I found this.
the issue is in arguments, it seems the latest rotp gem have updated below method to accept only 1 argument insted of 2 as compared to older version (3.3.1)
as per rotp-4.1.0

`

   def at(time)
      generate_otp(timecode(time))
    end

`

as per rotp-3.3.1
`

  def at(time, padding=true)
      unless time.class == Time
           time = Time.at(time.to_i)
      end	  
      generate_otp(timecode(time), padding)
 end

`

since the optional parameter has been removed, the active_model_otp-1.20 gem is giving error at line number 77

I can make changes in the gem but not sure what else will break, active-model gem was last updated in 2015, and rotp updated few months back.
please suggest suitable method, if I revert back to previous gem version of rotp then what else would break.

kinldy help.

I'm looking at the examples here: https://daplie.github.io/browser-authenticator/
In concert with this spec from google: https://github.com/google/google-authenticator/wiki/Key-Uri-Format

Here is their example:

otpauth://totp/ACME%20Co:[email protected]?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30

It appears that their label is

ACME%20Co:[email protected]

The spec says that the label should be composed of

  issuer ":" name

The rotp implementation seems to omit the ":" in between the two values.
https://github.com/mdp/rotp/blob/master/lib/rotp/totp.rb#L67

    encode_params("otpauth://totp/#{issuer_string}#{URI.encode(name)}", params)

I'm more than happy to put in a PR to fix this, but wondering if others have seen this / decided not to fix it, etc. Is the correct approach to just put the ":" on the front of the name as you pass it into the provisioning_uri method?

It seems like verify works wrong sometimes. I'm trying to verify code at the moment it was created:

totp = ROTP::TOTP.new(ROTP::Base32.random)

loop.with_index do |_, i|
  interval = totp.verify(totp.now)

  unless interval
    puts "break at #{i}"
    break
  end
end

# receive
break at 184357

While same code with interval: 1 and drift_behind: 30 works perfect even with verify at: (Time.now+29):

totp = ROTP::TOTP.new(ROTP::Base32.random, interval: 1)

loop.with_index do |_, i|
  interval = totp.verify(totp.now,
                         at: Time.now + 29,
                         drift_behind: 30 )

  unless interval
    puts "break at #{i}"
    break
  end
end
#no breaks for 1,5+ millions attempts

Maybe it is related to integer division at timecode method?

I was wondering if you'd consider supporting SHA256 based TOTP's? I'm using some services that are appending a "algorithm=SHA256" parameter to their otpauth URL's
(see https://github.com/google/google-authenticator/wiki/Key-Uri-Format)

if I have time I may follow up with a PR.

Hello,

It's helpful to see on your README that "ROTP::Base32.random_base32 is now ROTP::Base32.random and the argument has changed from secret string length to byte length to allow for more precision."

However, it is unlcear what is meant by "has changed from secret string length to byte length". Will you please explain?

Also, it looks like the rdoc for this class is still out of date.

Hey,

I'm using devise-two-factor in an application, which uses this.

When I try to log in, I get:

NoMethodError - undefined method `&' for (486311991/10):Rational:
  rotp (2.1.1) lib/rotp/otp.rb:62:in `int_to_bytestring'
  rotp (2.1.1) lib/rotp/otp.rb:27:in `generate_otp'
  rotp (2.1.1) lib/rotp/totp.rb:23:in `at'
  devise-two-factor (2.1.0) lib/devise_two_factor/models/two_factor_authenticatable.rb:38:in `current_otp'
  app/models/user.rb:15:in `send_two_factor_authentication_code'
  app/controllers/users/sessions_controller.rb:30:in `send_2fa_code'
  actionpack (4.2.5.2) lib/action_controller/metal/implicit_render.rb:4:in `send_action'
  actionpack (4.2.5.2) lib/abstract_controller/base.rb:198:in `process_action'
  actionpack (4.2.5.2) lib/action_controller/metal/rendering.rb:10:in `process_action'
  actionpack (4.2.5.2) lib/abstract_controller/callbacks.rb:20:in `block in process_action'
  activesupport (4.2.5.2) lib/active_support/callbacks.rb:117:in `call'
  activesupport (4.2.5.2) lib/active_support/callbacks.rb:555:in `block (2 levels) in compile'
  activesupport (4.2.5.2) lib/active_support/callbacks.rb:505:in `call'
  activesupport (4.2.5.2) lib/active_support/callbacks.rb:92:in `__run_callbacks__'
  activesupport (4.2.5.2) lib/active_support/callbacks.rb:778:in `_run_process_action_callbacks'
  activesupport (4.2.5.2) lib/active_support/callbacks.rb:81:in `run_callbacks'
  actionpack (4.2.5.2) lib/abstract_controller/callbacks.rb:19:in `process_action'
  actionpack (4.2.5.2) lib/action_controller/metal/rescue.rb:29:in `process_action'
  actionpack (4.2.5.2) lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
  activesupport (4.2.5.2) lib/active_support/notifications.rb:164:in `block in instrument'
  activesupport (4.2.5.2) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
  activesupport (4.2.5.2) lib/active_support/notifications.rb:164:in `instrument'
  actionpack (4.2.5.2) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
  actionpack (4.2.5.2) lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
  searchkick (1.2.1) lib/searchkick/logging.rb:153:in `process_action'
  activerecord (4.2.5.2) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
  actionpack (4.2.5.2) lib/abstract_controller/base.rb:137:in `process'
  actionview (4.2.5.2) lib/action_view/rendering.rb:30:in `process'
  actionpack (4.2.5.2) lib/action_controller/metal.rb:196:in `dispatch'
  actionpack (4.2.5.2) lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
  actionpack (4.2.5.2) lib/action_controller/metal.rb:237:in `block in action'
  actionpack (4.2.5.2) lib/action_dispatch/routing/route_set.rb:74:in `dispatch'
  actionpack (4.2.5.2) lib/action_dispatch/routing/route_set.rb:43:in `serve'
  actionpack (4.2.5.2) lib/action_dispatch/routing/mapper.rb:49:in `serve'
  actionpack (4.2.5.2) lib/action_dispatch/journey/router.rb:43:in `block in serve'
  actionpack (4.2.5.2) lib/action_dispatch/journey/router.rb:30:in `serve'
  actionpack (4.2.5.2) lib/action_dispatch/routing/route_set.rb:815:in `call'
  warden (1.2.6) lib/warden/manager.rb:35:in `block in call'
  warden (1.2.6) lib/warden/manager.rb:34:in `call'
  rack (1.6.4) lib/rack/etag.rb:24:in `call'
  rack (1.6.4) lib/rack/conditionalget.rb:38:in `call'
  rack (1.6.4) lib/rack/head.rb:13:in `call'
  actionpack (4.2.5.2) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
  actionpack (4.2.5.2) lib/action_dispatch/middleware/flash.rb:260:in `call'
  rack (1.6.4) lib/rack/session/abstract/id.rb:225:in `context'
  rack (1.6.4) lib/rack/session/abstract/id.rb:220:in `call'
  actionpack (4.2.5.2) lib/action_dispatch/middleware/cookies.rb:560:in `call'
  activerecord (4.2.5.2) lib/active_record/query_cache.rb:36:in `call'
  activerecord (4.2.5.2) lib/active_record/connection_adapters/abstract/connection_pool.rb:653:in `call'
  activerecord (4.2.5.2) lib/active_record/migration.rb:377:in `call'
  actionpack (4.2.5.2) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
  activesupport (4.2.5.2) lib/active_support/callbacks.rb:88:in `__run_callbacks__'
  activesupport (4.2.5.2) lib/active_support/callbacks.rb:778:in `_run_call_callbacks'
  activesupport (4.2.5.2) lib/active_support/callbacks.rb:81:in `run_callbacks'
  actionpack (4.2.5.2) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
  actionpack (4.2.5.2) lib/action_dispatch/middleware/reloader.rb:73:in `call'
  actionpack (4.2.5.2) lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
  better_errors (2.1.1) lib/better_errors/middleware.rb:84:in `protected_app_call'
  better_errors (2.1.1) lib/better_errors/middleware.rb:79:in `better_errors_call'
  better_errors (2.1.1) lib/better_errors/middleware.rb:57:in `call'
  actionpack (4.2.5.2) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
  web-console (2.3.0) lib/web_console/middleware.rb:28:in `block in call'
  web-console (2.3.0) lib/web_console/middleware.rb:18:in `call'
  actionpack (4.2.5.2) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
  railties (4.2.5.2) lib/rails/rack/logger.rb:38:in `call_app'
  railties (4.2.5.2) lib/rails/rack/logger.rb:20:in `block in call'
  activesupport (4.2.5.2) lib/active_support/tagged_logging.rb:68:in `block in tagged'
  activesupport (4.2.5.2) lib/active_support/tagged_logging.rb:26:in `tagged'
  activesupport (4.2.5.2) lib/active_support/tagged_logging.rb:68:in `tagged'
  railties (4.2.5.2) lib/rails/rack/logger.rb:20:in `call'
  actionpack (4.2.5.2) lib/action_dispatch/middleware/request_id.rb:21:in `call'
  rack (1.6.4) lib/rack/methodoverride.rb:22:in `call'
  rack (1.6.4) lib/rack/runtime.rb:18:in `call'
  activesupport (4.2.5.2) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
  rack (1.6.4) lib/rack/lock.rb:17:in `call'
  actionpack (4.2.5.2) lib/action_dispatch/middleware/static.rb:116:in `call'
  rack (1.6.4) lib/rack/sendfile.rb:113:in `call'
  railties (4.2.5.2) lib/rails/engine.rb:518:in `call'
  railties (4.2.5.2) lib/rails/application.rb:165:in `call'
  rack (1.6.4) lib/rack/lock.rb:17:in `call'
  rack (1.6.4) lib/rack/content_length.rb:15:in `call'
  rack (1.6.4) lib/rack/handler/webrick.rb:88:in `service'
  /Users/chris/.rbenv/versions/2.2.4/lib/ruby/2.2.0/webrick/httpserver.rb:138:in `service'
  /Users/chris/.rbenv/versions/2.2.4/lib/ruby/2.2.0/webrick/httpserver.rb:94:in `run'
  /Users/chris/.rbenv/versions/2.2.4/lib/ruby/2.2.0/webrick/server.rb:294:in `block in start_thread'

Here's a more interactive look at the behavior:

Now, I've noticed behavior like this from another gem I'm also using: gem 'ruby-units', '~> 2.0'

I'm posting here because it looks like just calling int.to_i would fix it and someone else might run into this. But also out of some curiosity: what default behavior is being messed with here?

Dear all,

This message is for ROTP developers.
GOOZE is an active contributor in free software.

To help ROTP, GOOZE would like to donate a set of hardware tokens compatible with HOTP and TOTP to your project:

• C100 HOTP token
  http://www.gooze.eu/otp-c100-token-event-based-1-unit
• C200 H3+ TOTP token
  http://www.gooze.eu/otp-c200-token-time-based-h3-casing-1-unit
• C200 H17 TOTP token
  http://www.gooze.eu/otp-c200-token-time-based-h17-casing-1-unit

Would you accept a donation of (free) tokens and where shall we ship them?
Please contact me on my private add: jmpoure ATATATAT gooze.eu

Kind regards,
Jean-Michel POURE

Is there some way to know how much time is left for the latest totp token to expire? Or is it simply just time to next :00 or :30 (or configured interval)?

Working on upgrading devise-two-factor from 3.x to 4.x and a part of that was upgrading the OTP gem to 6.0, however now I'm getting the error mentioned in the title

undefined method 'verify_with_drift' for u003cROTP::TOTP

from looking at the code base it seems that the method was removed but the CHANGELOG doesn't mention anything on deprecating the method or replacing it.
I also cant seem to find any other issues related to this. Any help would be appreciate

Hi. I'd like to implement something like what PayPal does, but I haven't been able to figure out if it's possible with rotp.

When you request an initial OTP from PayPal to be sent to your mobile phone, you receive the code and a message that it will expire in 5 minutes. If you then request a new OTP, the old one immediately becomes invalid, but the new one remains valid for 5 minutes.

How can this be achieved with rotp?

Thanks!

Hello, I'm trying to set an interval of 30 days, but when I check if that key is still valid on that interval I'm getting false as return.

Example:

THIRTY_DAYS_IN_SECONDS = 2592000
start_date = Time.now
rotp = ROTP::HOTP.new("test", interval: THIRTY_DAYS_IN_SECONDS, digits: 8)
key = rotp.at(start_date)
sleep(5)
rotp2 = ROTP::TOTP.new("test", interval: THIRTY_DAYS_IN_SECONDS, digits: 8)
rotp.verify(key)
=> true
rotp2.verify(key)
=> true
rotp2.verify(key, start_date)
=> true
rotp2.verify(key, start_date + 2591000.seconds)
=> false
rotp2.verify(key, start_date + 2101000.seconds)
=> true
rotp2.verify(key, 26.days.from_now)
 => false 
rotp2.verify(key, 25.days.from_now)
 => true 

My guess is that the problem is with timecode because it's a integer division and some time is lost.

What you think? Am I doing something wrong?

I have implemented Google authenticator by ROTP 2 Years back and it stopped working few months back. Code generated by Google and by ROTP on my server are different. I have checked the server timings, my mobile timings and also updated the Gem with latest version, even then its not working. I have also tried this sample snippet of code

require 'rubygems'
require 'rotp'
totp = ROTP::TOTP.new("JBSWY3DPEHPK3PXP")
p "Current OTP: #{totp.now}"

But it is giving different codes all the time, Please suggest ????

The implementation of ROTP::Base32.random_base32 converts 8 bits to 5 with a modulo operator instead of truncating. I am not a cryptography expert, but this seems unwise to me.

Hi. Apologies if I misunderstood something, but I thought that the interval parameter defines how long a TOTP should be valid. However, I'm seeing results that don't conform to this understanding...

Using ROTP v6.1.0 on Ruby 2.7, adapting the example in the README slightly:

totp = ROTP::TOTP.new("base32secret3232", interval: 54)
now = Time.at(1474590600) # 2016-09-23 00:30:00 UTC
code = totp.at(now)
totp.verify(code, at: now + 35) # => 1474590582
totp.verify(code, at: now + 36) # => nil

Shouldn't the code be valid for 54 seconds?

Another example:

now = Time.at(1661254317) # => 2022-08-23 11:31:57 +0000
totp = ROTP::TOTP.new("base32secret3232", interval: 54)
code = totp.at(now) # => "110562"
totp.verify(code, at: now + 8) # => 1661254272
totp.verify(code, at: now + 9) # => nil

Padding using = is supported by RFC3548.

Example:

irb(main):003:0> require "rotp"
=> true
irb(main):004:0> require "base32"
=> true
irb(main):005:0> Base32.encode("thisstringresultsinpadding")
=> "ORUGS43TORZGS3THOJSXG5LMORZWS3TQMFSGI2LOM4======"
irb(main):006:0> Base32.decode("ORUGS43TORZGS3THOJSXG5LMORZWS3TQMFSGI2LOM4======")
=> "thisstringresultsinpadding"
irb(main):007:0> ROTP::Base32.decode("ORUGS43TORZGS3THOJSXG5LMORZWS3TQMFSGI2LOM4======")
ROTP::Base32::Base32Error: Invalid Base32 Character - '='
    from /Users/pstengel/.rbenv/versions/2.1.2/lib/ruby/gems/2.1.0/gems/rotp-1.6.1/lib/rotp/base32.rb:46:in `decode_quint'
    from /Users/pstengel/.rbenv/versions/2.1.2/lib/ruby/gems/2.1.0/gems/rotp-1.6.1/lib/rotp/base32.rb:28:in `block in decode_block'
    from /Users/pstengel/.rbenv/versions/2.1.2/lib/ruby/gems/2.1.0/gems/rotp-1.6.1/lib/rotp/base32.rb:28:in `each_char'
    from /Users/pstengel/.rbenv/versions/2.1.2/lib/ruby/gems/2.1.0/gems/rotp-1.6.1/lib/rotp/base32.rb:28:in `each'
    from /Users/pstengel/.rbenv/versions/2.1.2/lib/ruby/gems/2.1.0/gems/rotp-1.6.1/lib/rotp/base32.rb:28:in `map'
    from /Users/pstengel/.rbenv/versions/2.1.2/lib/ruby/gems/2.1.0/gems/rotp-1.6.1/lib/rotp/base32.rb:28:in `decode_block'
    from /Users/pstengel/.rbenv/versions/2.1.2/lib/ruby/gems/2.1.0/gems/rotp-1.6.1/lib/rotp/base32.rb:10:in `block in decode'
    from /Users/pstengel/.rbenv/versions/2.1.2/lib/ruby/gems/2.1.0/gems/rotp-1.6.1/lib/rotp/base32.rb:9:in `each'
    from /Users/pstengel/.rbenv/versions/2.1.2/lib/ruby/gems/2.1.0/gems/rotp-1.6.1/lib/rotp/base32.rb:9:in `decode'
    from (irb):7
    from /Users/pstengel/.rbenv/versions/2.1.2/bin/irb:11:in `<main>'
irb(main):008:0> ROTP::Base32.decode("ORUGS43TORZGS3THOJSXG5LMORZWS3TQMFSGI2LOM4")
=> "thisstringresultsinpadding"

Current rubygems version has a bug in the hotp.at method. Master on github is working. Please cut a new gem version.

I am using the google authenticator app on an android device, when I log the otp shown on the screen of the app and compare it to a log of generated otp's using the gem, the otp shown on the app appears some 30 odd seconds before it is generated by the app.

It won't help to check if there has been drift presumably because the app isn't showing an otp that was previously generated at some earlier time, it is showing an otp that will be generated in the future.

Description

From RFC 6238:

Note that a prover may send the same OTP inside a given time-step
window multiple times to a verifier. The verifier MUST NOT accept
the second attempt of the OTP after the successful validation has
been issued for the first OTP, which ensures one-time only use of an
OTP.

Once ROTP successfully verifies a TOPT, it should no longer accept subsequent verifications of the same value.

I couldn't find any reference to this requirement for HOTP in RFC 4226. Only TOPT appears to apply.

Expected

otp = ROTP::TOTP.new("base32secret3232")
value = foo.now
foo.verify(value) #=> true
foo.verify(value) #=> false
foo.verify(value) #=> false

Actual

otp = ROTP::TOTP.new("base32secret3232")
value = foo.now
foo.verify(value) #=> true
foo.verify(value) #=> true
foo.verify(value) #=> true

Security Impact

In a two-factor authentication context, an attacker could Man-in-The-Middle the connection between the verifier and provider, obtain the username, password, & OTP values, and log in with the credentials within the current time step (a 30 second window, if defaults are used). Arguably, this defeats the two-factor authentication since the OTP can be replayed multiple times.

Alternatively, an attacker could “shoulder surf” the victim’s second factor device in lieu of compromising the connection.

What steps will reproduce the problem?

1. open Google Authenticator;

2. scan the example barcode given on README;

3. run following codes(saved to a ruby file):

   require 'rubygems'
   require 'rotp'
   totp = ROTP::TOTP.new("JBSWY3DPEHPK3PXP")
   p "Current OTP: #{totp.now}"

What is the expected output? What do you see instead?

Different from the code given from Google Authenticator.

What version of the product are you using? On what operating system?

Google Authenticator 2.15
Android 2.1

When installing this gem there's an older jQuery 1.4.2 js file under this path that triggers CVE-2011-4969 alerts during security scans.

vendor/bundle/ruby/2.7.0/gems/rotp-6.2.0/doc/js
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

Is it possible to remove this jQuery file dependency altogether?, or update it for a newer version, something later than the CVE version suggests? > 1.6.3

Hi there, I noticed since 6.0.0 we have different encoding on the params, which is nice, but I suspect there may be some double encoding issues:

totp = ROTP::TOTP.new("secret", issuer: "hi hi")
totp.provisioning_uri("[email protected]")
=> "otpauth://totp/hi%20hi:[email protected]?secret=secret&issuer=hi%2520hi"

I believe the expected issuer should be hi%20hi.

It looks like the double encoding was added here: It encodes the issuer here: https://github.com/mdp/rotp/pull/94/files#diff-ed386b7f6dadc0ef09bf81c543cffbfbR65
using a newer encoding schema to replace + with %20. It then double encodes here:

It doesn't seem it's possible in Rails (using Rails 5) to persist a rotp object between requests? I must be missing something because this seems like the most basic usecase of this library. I want a user to sign up with their phone number and then we generate a pin and send it back to them.

You would think you could do something like this:

class User < ApplicationRecord
    before_validation :generate_otp_secret_key, on: :create
    def generate_otp_secret_key
	self.otp_secret_key = ROTP::TOTP.new("base32secret3232", issuer: "Tap")
    end
end

But since ROTP::TOTP.new returns its own object type, you can't save it to the database. And since you require the original object to verify the pin with .verify, it seems the functionality of generating a pin for a user to verify them is impossible with this library. Given that this is the purpose of the library, I'M SURE I'M MISSING SOMETHING BASIC. Is there a method you're supposed to put in the model that's not mentioned in the readme? Can someone tell me what I'm missing?

The readme gives this example:

User.find(someUserID)
totp = ROTP::TOTP.new(user.otp_secret)

but they never say where user actually comes from. I tried adding user = to the beginning of the first line but that doesn't seem to work either.

verify_with_drift_and_prior returns nil (not false) when OTP is invalid.

Run this to illustrate what happens:

require 'rotp'

loop do
  totp = ROTP::TOTP.new(ROTP::Base32.random_base32, digits: 4)
  raise totp.now.inspect if totp.verify("")
end

I cannot think of why this would pose any security risk, but it was surprising initially. Although now I understand why it behaves like this after scoping the source, it still seems odd.

Thoughts?

I tried using the gem by obtaining a secret from dropbox (removing spaces). The code does not match the one generated by Google Authenticator. However, I can confirm that on the same computer the codes do match for Google App accounts.

Any idea what could be causing this?

I generated a secret key using ROTP::Base32.random_base32, then create totp using ROTP::TOTP.new(secret_key). When I manually input the secret key in Google Authenticator, its verification code doesn't match the TOTP generated using totp.now.

When adding an issuer, the barcode generated is invalid according to Google Authenticator.

I've tried it with just the issuer parameter.

base32secret = ROTP::Base32.random_base32
totp = ROTP::TOTP.new(base32secret, issuer: 'Example Issuer')
qrcode = totp.provisioning_uri('[email protected]')

I've tried it with a issuer label prefix and a issuer parameter, per Google.

base32secret = ROTP::Base32.random_base32
totp = ROTP::TOTP.new(base32secret, issuer: 'Example Issuer)
qrcode = totp.provisioning_uri('Example Issuer:[email protected]')

5.0.0 was released without a corresponding tag in github, could you please add it?
https://rubygems.org/gems/rotp/versions/5.0.0

My guess is that this is the commit that needs to be tagged:
c384628