Comments (6)
"I am specifying the token (from the url I was sent) and have tried entering the IMEI, IMEI SV, SIM, and the DeviceID from the RSA application."
Does the failure look like this?
$ stoken import --token=http://127.0.0.1/securid/ctf?ctfData=283144849057951431261040462445741631217721155333513374645173124460220200360477563
This token is bound to a specific device.
Enter device serial number (IMEI): 123
IMEI does not match the token.
Enter device serial number (IMEI): abc
IMEI does not match the token.
Enter device serial number (IMEI):
error: invalid IMEI
"I am loath to post the specifics in this ticket since the values are highly sensitive."
Right, please don't send that info to anyone.
from stoken.
Yes. That is exactly what i am seeing.
Clint
On Mar 14, 2013 10:32 PM, "Kevin Cernekee" [email protected] wrote:
"I am specifying the token (from the url I was sent) and have tried
entering the IMEI, IMEI SV, SIM, and the DeviceID from the RSA application."Does the failure look like this?
$ stoken import --token=
http://127.0.0.1/securid/ctf?ctfData=283144849057951431261040462445741631217721155333513374645173124460220200360477563
This token is bound to a specific device.
Enter device serial number (IMEI): 123
IMEI does not match the token.
Enter device serial number (IMEI): abc
IMEI does not match the token.
Enter device serial number (IMEI):
error: invalid IMEI"I am loath to post the specifics in this ticket since the values are
highly sensitive."Right, please don't send that info to anyone.
—
Reply to this email directly or view it on GitHubhttps://github.com//issues/1#issuecomment-14940883
.
from stoken.
OK let's try this as an experiment:
diff --git a/src/securid.c b/src/securid.c
index 5abcaa7..ee657a5 100644
--- a/src/securid.c
+++ b/src/securid.c
@@ -257,7 +257,7 @@ static int generate_key_hash(uint8_t *key_hash, const char *
/* skip anything that isn't a digit */
for (; *devid; devid++) {
- if (*devid >= '0' && *devid <= '9') {
+ if (1 || *devid >= '0' && *devid <= '9') {
if (len++ > DEVID_CHARS)
return ERR_BAD_PASSWORD;
*(p++) = *devid;
@@ -265,7 +265,7 @@ static int generate_key_hash(uint8_t *key_hash, const char *
}
if (device_id_hash)
*device_id_hash = securid_shortmac(&key[pos],
- DEVID_CHARS);
+ 40);
pos += len;
} else if (device_id_hash) {
/* just hash the zeroed devid buffer */
from stoken.
fantastic. this patch allows me to import the token using my phone's deviceID (as reported in the RSA app). once imported the KEY it generates is the same one as the RSA app on my phone.
When I view the countdown timer via (stoken-gui) it appears to be 13 seconds behind the timer in the RSA app.
from stoken.
Thanks for the feedback.
It looks like there are at least two different ways to handle the device ID: one which strips out non-numeric characters and hashes over 32 bytes, and one which strips out non-uppercase-hex characters and hashes over 40 bytes. I will do some more digging and update the stoken project to properly support both cases.
"When I view the countdown timer via (stoken-gui) it appears to be 13 seconds behind the timer in the RSA app."
This just means the clocks are out of sync. You can see Android's system clock in the RSA About menu, and watch the PC clock with something like:
TZ=UTC xclock -digital -twentyfour -update 1 &
To sync the PC time to internet time servers, try:
sudo ntpdate -u pool.ntp.org
from stoken.
I always enable NTP update as a rule on my machines (many many things do
not like scewed clocks, not just OTP/crypto) and I also generally allow my
phone to get it's date/time sync from the network.
$ sudo ntpdate -u pool.ntp.org
16 Mar 18:57:07 ntpdate[6124]: adjust time server 108.61.56.35 offset
0.176137 sec
I checked my phone's time vs pool.ntp.org (using the NTPSync app), and it
reported a -14060ms difference between the pool and system clock. (meaning
my phone is 14.06 seconds fast.)
I never thought to validate that my phone's clock is correct before. very
interesting.
Thanks again for the help.
On Sat, Mar 16, 2013 at 5:09 PM, Kevin Cernekee [email protected]:
Thanks for the feedback.
It looks like there are at least two different ways to handle the device
ID: one which strips out non-numeric characters and hashes over 32 bytes,
and one which strips out non-uppercase-hex characters and hashes over 40
bytes. I will do some more digging and update the stoken project to
properly support both cases."When I view the countdown timer via (stoken-gui) it appears to be 13
seconds behind the timer in the RSA app."This just means the clocks are out of sync. You can see Android's system
clock in the RSA About menu, and watch the PC clock with something like:TZ=UTC xclock -digital -twentyfour -update 1 &
To sync the PC time to internet time servers, try:
sudo ntpdate -u pool.ntp.org
—
Reply to this email directly or view it on GitHubhttps://github.com//issues/1#issuecomment-15012308
.
from stoken.
Related Issues (20)
- Ability to copy both current and next tokencode HOT 5
- Can a SID700 hardware token behavior be emulated? HOT 2
- Port to NodeJS HOT 5
- SetPin nor pin in stoken.rc allow alphanumeric pin.
- How can I create a new batch certificate ? HOT 1
- Documentation Update - Next Tokencode CLI HOT 1
- Respect XDG base directories
- iPhone token - Device ID mismatch HOT 3
- RFE: port to openssl crypto
- Arduino Due support HOT 3
- UI issue on MacOS Monterrey
- Add configurable timeout for re-entry of PIN
- Keyboard shortcuts don't close application
- Is this project still in development? HOT 2
- 'mlockall' error HOT 1
- error: --token string is garbled: General failure HOT 1
- How do you remove a stored token? HOT 1
- RFE: please start making github releases HOT 2
- Why do you need stoken-gui-small.desktop
- stoken 0.93 tarball HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from stoken.