Questions tagged [totp]

Time-based One-Time Password algorithm (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time.

TOTP is based on HOTP with a timestamp replacing the incrementing counter.

The current timestamp is turned into an integer time-counter (TC) by defining the start of an epoch (T0) and counting in units of a time interval (TI).

Wiki: https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm

172 questions
1 vote, 1 answer

Is it possible to generate a Twilio "OneCode" TOTP token programmatically?

Goal: I have a backend service that talks to AWS, and an automated tool that acquires AWS creds. The cred-getter has MFA enabled (not my choice), but I don't want to type in or copy a code. Instead, I want to write a bit of code that can…
Joseph Fraley
1 vote, 1 answer

Displaying a QR code dynamically (without saving it first) on a website (Java)

I am new to web design and building a website that uses two-factor authentication (using the Google Authenticator app). When registering as a new user, the user fills out a form in which they choose a username and password. When this is submitted, a…
Ash
1 vote, 1 answer

Interacting with Google Authenticator Using Cryptonite

I am trying to generate TOTPs such that I can make use of the Google Authenticator app. I am using the cryptonite library which provides TOTP functionality. From my understanding, Google Authenticator requires the key in Base32. It also requires the…
James Burton
1 vote, 0 answers

Is it safe to crypt 2FA seed with the user password on a server

The main question is: how to safely store 2FA TOTP seeds on a server. Assuming I store all user information in the table in DBMS. I want to protect user data against the case when the whole database is stolen. User password is hashed and salted,…
1 vote, 1 answer

Does the TOTP Algorithm rely on the client time always being synced correctly?

What happens if for some reason a cell phone's clock / calendar is off by a significant amount of time. Does the TOTP (Time based OTP) algorithm generate an invalid token? Also do time zones play a role in the token being correct or does both the…
Ole
0 votes, 0 answers

Azure B2C TOTP MFA account not able to re-register

We have an issue, where some users do not seem to finish registering with the authenticator app. The problem then is that there seems to be no way to redo it. What I have tried so far. Using "Require re-register multifactor authentication" in the…
0 votes, 0 answers

How to ensure OTPAuth secret is defined

I am attempting to verify a token using the npm package otpAuth and the secret is not defined. Here is the object I pass in to the totp.validate(token) function: let totp = new OTPAuth.TOTP({ issuer: 'Example.com', label: 'Example', algorithm:…
Robert
0 votes, 1 answer

Continuous Getting Incorrect Passwords in C# Implementation of RFC 6238 (TOTP)

Currently, I am trying to implement the TOTP standard by referring to RFC 4226 (HOTP) and RFC 6238 (TOTP). My HOTP and TOTP implementations have already passed the tests provided in the standards. The key used is 12345678901234567890. RFC 4226 Test…
Jimmy
0 votes, 0 answers

Enabling FreeOTP login with Spring Boot API and Keycloak

@PutMapping("/users/{userId}/enable-otp") public ResponseEntity enableOtp(@PathVariable String userId) throws JsonProcessingException { UserResource userResource = keycloak.realm("google").users().get(userId); UserRepresentation user…
Khaled
0 votes, 0 answers

Would the flipper zero be able to read/communicate with a physical OTP device?

I have a Feitian C200 H27 token, here is the link, click on h27 casing model: https://www.ftsafe.com/store/product/otp-c200-oath-time-based-totp-token/ I am curious if the flipper zero is able to read this, and if it could, how? I am trying to read…
0 votes, 0 answers

Citrix Netscaler TOTP Authenticator secret is a plain text or is it encoded or encrypted?

I have no experience in Citrix space, I have a client who wants to migrate Citrix TOTP to Azure AD B2C. The Citrix TOTP is synced with On Prem Ad to AAD and the TOTP secret is received as an OIDC claim to B2C. The issue is after migrating the secret…
0 votes, 1 answer

Translate createHmac from crypto to crypto-js with Buffers

I am trying to translate a given Code using crypto to a version using crypto-js without luck so far. I am not even able to get the same hash values. The final goal is to generate TOTP tokens and I need to do it with crypto-js, because I want to…
0 votes, 0 answers

OpenVPN TOTP prompt

I configured OpenVPN to use user/password authentication via PAM, which works fine. I tried to add TOTP authentication too (also with PAM), which won't work. The client version is exactly the same as the server version (it shouldn't be a version…
jpeter01
0 votes, 2 answers

OTP Pins Are Different on OTP.NET and OTPTest WebSite

I'm currently testing an OTP scenario using the website https://otptest.de/ and the OTP.NET library. However, I'm consistently getting different OTP PINs between my code and the website. I have provided my code in the following gist: text I would…
0 votes, 0 answers

Linotp radius module chap

I installed linotp with radius module. I can't login using chap and mschap. Only pap works. cat /etc/freeradius/3.0/sites-enabled/linotp server linotp { listen { ipaddr = * port = 1812 type = auth } listen { ipaddr = * …