Any secret (hotp o totp) beginning with 0x00 are ignored because only the first byte is checked (it's really a rudimentary check!) to know if secret have to be stored (user has type a new one) or keep the old one. htop.c/write_to_slot()/line 500.
This secret never trust the condition if (secret[0] == 0). So any secret beginig with 0x00 gives the same code as:
oathtool --totp --time-step-size=30s --digits 6 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
because FLASH memories clear to 0xFF.
Workaround:
Change the secret, request a new one or disable and reenable two step authentication. Depends on the provider.
Any secret (hotp o totp) beginning with 0x00 are ignored because only the first byte is checked (it's really a rudimentary check!) to know if secret have to be stored (user has type a new one) or keep the old one. htop.c/write_to_slot()/line 500.
An example. This was may google TOTP secret:
This secret never trust the condition
if (secret[0] == 0)
. So any secret beginig with 0x00 gives the same code as:oathtool --totp --time-step-size=30s --digits 6 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
because FLASH memories clear to 0xFF.Workaround: Change the secret, request a new one or disable and reenable two step authentication. Depends on the provider.