Authenticator-Extension / Authenticator

Authenticator generates 2-Step Verification codes in your browser.
https://authenticator.cc
MIT License
3.42k stars 798 forks

TOTP secret would be truncated when bit length is NOT a multiple of 4 #1299

Closed olfek closed 2 months ago

olfek commented 2 months ago

https://github.com/Authenticator-Extension/Authenticator/blob/284facae9aea0fe677c9426e2ad81e51c4b0ab65/src/models/key-utilities.ts#L55C1-L55C52

If the secret is 85 bits in length for example (17 base 32 characters), instead of the typical 80 (16 base 32 characters), only 84 bits are read, the last bit is missed, and the partial incomplete secret is processed.

I use the phrase "would be truncated" rather than "is truncated" in the title because so far, all the secrets I've seen have a bit length that is a multiple of 4.

Maybe I'm missing something: is a secret's bit length required to be a multiple of 4 according to some specification I don't know about?

olfek commented 2 months ago

I'm a fool 🤦 https://datatracker.ietf.org/doc/html/rfc4648#section-6

mymindstorm commented 2 months ago

We appreciate the issue nonetheless lol
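
Added example, not the extension's code and not part of the thread: a strict decoder showing why the 17-character case raised above cannot be a valid secret under RFC 4648 section 6. Base32 encodes whole bytes, so an unpadded string can only have a length of 0, 2, 4, 5 or 7 modulo 8, and any leftover bits must be zero. The names `decodeBase32Strict` and `toHex` are hypothetical, the whitespace and padding handling is an assumption, and the secrets in the usage note are constructed samples.

```typescript
// Added example: strict RFC 4648 section 6 Base32 decoding for a TOTP secret.
// decodeBase32Strict and toHex are hypothetical names, not the extension's API.
const ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
// Unpadded lengths mod 8 that whole bytes can produce (1, 3 and 6 never occur).
const VALID_REMAINDERS = [0, 2, 4, 5, 7];

type Decoded =
  | { ok: true; bytes: Uint8Array }
  | { ok: false; reason: string };

function decodeBase32Strict(input: string): Decoded {
  // Assumption: spaces and trailing "=" padding are tolerated, case is ignored.
  const text = input.replace(/\s/g, "").replace(/=+$/, "").toUpperCase();
  if (text.length === 0) return { ok: false, reason: "empty secret" };
  if (VALID_REMAINDERS.indexOf(text.length % 8) < 0) {
    const bitCount = text.length * 5;
    return { ok: false, reason: "invalid length: " + text.length + " characters (" + bitCount + " bits)" };
  }
  const out: number[] = [];
  let buffer = 0;
  let bits = 0;
  for (let i = 0; i < text.length; i++) {
    const value = ALPHABET.indexOf(text.charAt(i));
    if (value < 0) return { ok: false, reason: "invalid character at index " + i };
    buffer = (buffer << 5) | value;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((buffer >> bits) & 0xff);
      buffer &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  // Leftover bits are padding and must be zero in a canonical encoding.
  if (buffer !== 0) return { ok: false, reason: "non-zero trailing bits" };
  return { ok: true, bytes: new Uint8Array(out) };
}

function toHex(bytes: Uint8Array): string {
  let hex = "";
  for (let i = 0; i < bytes.length; i++) {
    hex += (bytes[i] < 16 ? "0" : "") + bytes[i].toString(16);
  }
  return hex;
}
```

With the constructed secret `JBSWY3DPEHPK3PXP` (16 characters, 80 bits) the decoder returns ten bytes; appending one more character to make it 17 characters (85 bits) is rejected at the length check instead of being silently shortened.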