Authenticator-Extension / Authenticator

Authenticator generates 2-Step Verification codes in your browser.
https://authenticator.cc
MIT License

Bits are lost when removing padding in function `base32tohex` #1300

Closed olfek closed 2 months ago

olfek commented 2 months ago

https://github.com/Authenticator-Extension/Authenticator/blob/284facae9aea0fe677c9426e2ad81e51c4b0ab65/src/models/key-utilities.ts#L67

I found an actual bug this time. @mymindstorm

Consider this example:

Input:

`base32tohex("KK======")`

Where `KK` is `01010 01010`

Output in hex: `52` (`01010 010`)

The last 2 bits `10` have been lost.

The code to remove padding is removing too much.

olfek commented 2 months ago

KK is not a valid sequence of octets, my bad 😅
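
The case in this thread, worked through as an added example (not the extension's `base32tohex`; `decodeBase32`, `zeroPad` and the result fields are hypothetical names). The decoder keeps only whole octets and reports the bits it discards, so `KK======` yields `52` with non-zero trailing bits `10`, while the RFC 4648 encoding of that byte, `KI======`, leaves `00`.

```typescript
// Added example (not the extension's code). RFC 4648 base32 alphabet.
const ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

interface Decoded {
  hex: string;          // whole octets only, as lowercase hex
  leftoverBits: string; // bits after the last whole octet
  validLength: boolean; // false when the symbol count cannot encode whole octets
  canonical: boolean;   // true when validLength and every leftover bit is 0
}

// Left-pad a numeric string with zeros to the given width.
function zeroPad(s: string, width: number): string {
  while (s.length < width) s = "0" + s;
  return s;
}

// Hypothetical helper: decode base32, reporting the bits that get discarded.
function decodeBase32(input: string): Decoded {
  const symbols = input.toUpperCase().replace(/=+$/, "");
  let bits = "";
  for (let i = 0; i < symbols.length; i++) {
    const value = ALPHABET.indexOf(symbols.charAt(i));
    if (value < 0) throw new Error("invalid base32 character: " + symbols.charAt(i));
    bits += zeroPad(value.toString(2), 5); // each symbol carries 5 bits
  }
  const wholeBits = bits.length - (bits.length % 8);
  let hex = "";
  for (let i = 0; i < wholeBits; i += 8) {
    hex += zeroPad(parseInt(bits.slice(i, i + 8), 2).toString(16), 2);
  }
  const leftoverBits = bits.slice(wholeBits);
  // 2, 4, 5, 7 or 8 symbols per group leave 2, 4, 1, 3 or 0 spare bits;
  // 1, 3 or 6 symbols leave 5 or more, which no encoder produces.
  const validLength = leftoverBits.length < 5;
  const canonical = validLength && leftoverBits.indexOf("1") === -1;
  return { hex, leftoverBits, validLength, canonical };
}

// Constructed inputs: the string from the issue, then the encoding of byte 0x52.
console.log(decodeBase32("KK======")); // leftover bits "10" are dropped
console.log(decodeBase32("KI======")); // leftover bits "00"
```

A decoder that wants to reject inputs like `KK======` instead of silently truncating them can refuse any result where `canonical` is false.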