csyezheng / a2fa

a2fa is a command-line tool for generating and validating one-time passwords. Its purpose is to get rid of phones and be able to authenticate easily.

License: Apache License 2.0

Go 90.40% Shell 4.37% PowerShell 5.23%
2fa authenticator hotp oath otp totp two-factor-authentication

a2fa's Issues

encrypting the shared keys

Use case:

One-time passwords can be easily calculated if the secret key is compromised

Proposal:

It is recommended to encrypt the shared secrets

Current behaviour:

Currently secret keys are stored in clear text in the database.

Desired behaviour:

Storing the keys securely by encrypting them with tamper-resistant hardware encryption

Alternatives considered:

Using the user’s password to encrypt the secret keys
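
The "Alternatives considered" option above (a key derived from the user's password, rather than hardware-backed encryption) can look like the following Go code, which is an added example and not a2fa's own code. The helper names `sealSecret` and `openSecret`, the `salt || nonce || ciphertext` layout and the PBKDF2 parameters are assumptions made for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const saltLen, nonceLen, iterations = 16, 12, 600_000 // example parameters (assumed)
// aead derives a 32-byte key with single-block PBKDF2-HMAC-SHA256 and returns AES-256-GCM.
func aead(password, salt []byte) cipher.AEAD {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // PBKDF2 block index 1, big-endian
	u := mac.Sum(nil)
	key := append([]byte(nil), u...)
	for i := 1; i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range key {
			key[j] ^= u[j]
		}
	}
	block, _ := aes.NewCipher(key) // key is always 32 bytes, so this cannot fail
	gcm, _ := cipher.NewGCM(block) // nor can this, for an AES block
	return gcm
}
// sealSecret (hypothetical helper) returns salt || nonce || ciphertext+tag for one OTP secret.
func sealSecret(password, secret []byte) ([]byte, error) {
	hdr := make([]byte, saltLen+nonceLen) // fresh random salt and nonce on every call
	if _, err := rand.Read(hdr); err != nil {
		return nil, err
	}
	return aead(password, hdr[:saltLen]).Seal(hdr, hdr[saltLen:], secret, nil), nil
}
// openSecret (hypothetical helper) fails on a wrong password or a modified blob.
func openSecret(password, blob []byte) ([]byte, error) {
	if len(blob) < saltLen+nonceLen {
		return nil, fmt.Errorf("sealed secret too short: %d bytes", len(blob))
	}
	return aead(password, blob[:saltLen]).Open(nil, blob[saltLen:saltLen+nonceLen], blob[saltLen+nonceLen:], nil)
}
func main() {
	blob, err := sealSecret([]byte("passphrase"), []byte("JBSWY3DPEHPK3PXP")) // constructed values
	fmt.Println(len(blob), err)
}
```

Only the sealed blob would be written to the database; the password-derived key protects the file at rest but not against an attacker who also obtains the password.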

a2fa list results in random number of records listed

Steps to reproduce

Run with argument "list" multiple times

Expected behaviour

All records displayed

Actual behaviour

Random records displayed

Environment info

linux Ubuntu / Windows 11

Proposed fix: (confirmed to work locally)
Alter cmd/commands/list.go listAccounts

When the append(result, otpView{...}) line of code is run concurrently from multiple goroutines, they all try to write to the result slice at the same time which results in some writes being lost.
Solution: synchronize access to the result slice by wrapping the section in a mutex

example:

var wg sync.WaitGroup
var mu sync.Mutex // guards result
for _, account := range accounts {
	wg.Add(1)
	go func(account models.Account) {
		defer wg.Done()
		code, err := account.OTP()
		if err != nil {
			log.Printf("%s %s generate code error: %s\n", account.AccountName, account.Username, err)
		} else {
			mu.Lock() // start critical section
			result = append(result, otpView{
				accountName: account.AccountName,
				userName:    account.Username,
				code:        code,
			})
			mu.Unlock() // end critical section
		}
	}(account)
}
wg.Wait() // wait for every goroutine to finish before result is read
// ...
