susam / mintotp Goto Github PK

Is the 'Getting Started' safe to follow ?
Won't copy-pasting with the provided secret-key and following with google authenticator compromise my google account ?

it gives AttributeError: 'str' object has no attribute 'new' on line 13 because of the hmac module calls .new function on the digest we gave.
You gave sha1 string to it but it should be like

+import hashlib # to the start

def hotp(key, counter, digits=6, digest=hashlib.sha1): # at line 10

and

def totp(key, time_step=30, digits=6, digest=hashlib.sha1): # at line 19

it gives an error because of the & operand doesn't work with str

Like

offset = ord(mac[-1]) & 0x0f

This is a great little script and thank you very much for it. However there is an problem with the following text, as it is no longer accurate.

[…] one of the issues currently with oathtool is that it requires the secret key to be provided as a command line argument […]

In recent versions of oathtool you can provide the key via a pipe (like mintopt) by having '-' as the last argument. You should update your help text to accurately reflect the current situation. mintopt still provides advantages for those wanting a more portable implementation. In addition mintotp allows multiple keys to be provided through the pipe together, while oathtool allows for just one.

Hello!

I noticed your project on HN and decided to translate it into Go. My objective was to simply write it in golang so that I can compile a binary and put them in most of my machines.

My version is here: https://github.com/ashraful-islam/gototp

The source code is more or less reflection of your Python version(with few minor adaptations and changes), so I wanted to check if you are fine with it.

If I have some time I'll also refactor a bit and make a nice go module usable as third-party module.

Traceback (most recent call last):
File "totp.py", line 26, in
print(totp(secret))
File "totp.py", line 21, in totp
return hotp(secret, int(time.time() / interval))
File "totp.py", line 14, in hotp
mac = hmac.digest(secret_bytes, counter_bytes, algo)
AttributeError: module 'hmac' has no attribute 'digest'

it's not a real issue but users can call functions with separated keys.

$ echo "ZYTY YE5F OAGW 5ML7 LRWU L4WT ZLNJ AMZS" | python3 mintotp.py
Traceback (most recent call last):
File "mintotp.py", line 30, in
main()
File "mintotp.py", line 26, in main
print(totp(key.strip(), *args))
File "mintotp.py", line 20, in totp
return hotp(key, int(time.time() / time_step), digits, digest)
File "mintotp.py", line 11, in hotp
key = base64.b32decode(key.upper() + '=' * ((8 - len(key)) % 8))
File "/usr/lib/python3.6/base64.py", line 231, in b32decode
raise binascii.Error('Non-base32 digit found') from None
binascii.Error: Non-base32 digit found
$ echo "ZYTYYE5FOAGW5ML7LRWUL4WTZLNJAMZS" | python3 mintotp.py
246648

you were right at the first two issues i was using python2.7 sorry for that.
Spaces in the keys broke the script it's not a real issue but i think it's worth to know

key = base64.b32decode(key.upper().replace(" ","") + '=' * ((8 - len(key) + key.count(" ")) % 8))

It would be good if new line is not present when copying the token to clipboard and later paste into other prompts. The new line makes login fail as one extra character is present.

$ gpg -q -o - secret.gpg | mintotp | pbcopy
123456

Hi @susam , just wanted to say thanks for your simple and powerful library.

I had ported your library to Ruby and give you credit for your work. Please let me know if I missed out someone to credit for their work in my repo.

This is my repo URL: https://github.com/winhtaikaung/mintotp-ruby

Cheers
🍻