Closed anarcat closed 3 years ago
If I remember correctly, Google Authenticator uses base32 format for encoding the secret key and the ykpersonalize tool uses hex (base16) encoding.
That is what I found out as well, except the Yubikey uses 20 bytes while Google uses 16. Is there a way to tweak the former?
Just pad it with zeroes; for HMAC (which HOTP is), all keys can be considered to be padded out to 64 bytes with zeroes.
I tried this and failed. I filed an issue on the Google side of things; we'll see how it goes.
hi!
Reading the google-authenticator-libpam README file leads me to believe it uses a standard OATH HOTP protocol that should also work with the Yubikey. Yet when I generate a token, it is refused by ykpersonalize: ... it seems like the string generated by google-authenticator is too long. Yet even if I trim it to 20 characters (20 bytes?), I get the same error...
Is there a way to convert between the Google Authenticator secret format and the Yubikey one?
Update: it seems the Google Authenticator secret is base32-encoded (and weirdly too: base32 -d doesn't like it). But with a little coercion, it can be converted to hex, although only 32 hex characters, not 40... so 16 bytes?

Also: before someone suggests this, I tried setting a 20-byte secret in Google Authenticator, and it doesn't seem to work.
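
The conversion asked about above, combined with the zero-padding suggested in the thread, as an added example that is not part of the original posts or of either project's code. The function names and the sample secret are constructed for illustration; the script only shows that a short key and its zero-padded 20-byte form yield identical HOTP codes, and says nothing about what ykpersonalize accepts.

```python
import base64
import hashlib
import hmac
import struct


def b32_secret_to_bytes(secret: str) -> bytes:
    """Decode a base32 secret, tolerating spaces, lowercase and missing '=' padding."""
    s = secret.replace(" ", "").replace("-", "").upper().rstrip("=")
    s += "=" * (-len(s) % 8)  # restore the padding a strict decoder requires
    return base64.b32decode(s)


def to_fixed_hex(key: bytes, size: int = 20) -> str:
    """Right-pad the key with zero bytes to `size` bytes and return it as hex."""
    if len(key) > size:
        raise ValueError(f"key is {len(key)} bytes, longer than {size}")
    return key.ljust(size, b"\x00").hex()


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


# Constructed sample: a 16-byte secret, base32-encoded, lowercased and with
# its '=' padding stripped (26 characters instead of 32).
SAMPLE_SECRET = base64.b32encode(bytes(range(16))).decode().rstrip("=").lower()


def compare(secret: str, counters=range(5)) -> bool:
    """True if the raw key and its zero-padded 20-byte form give the same codes."""
    raw = b32_secret_to_bytes(secret)
    padded = bytes.fromhex(to_fixed_hex(raw))
    return all(hotp(raw, c) == hotp(padded, c) for c in counters)


if __name__ == "__main__":
    raw = b32_secret_to_bytes(SAMPLE_SECRET)
    print("raw hex   :", raw.hex())
    print("padded hex:", to_fixed_hex(raw))
    print("codes match:", compare(SAMPLE_SECRET))
```

The codes match because HMAC itself zero-pads any key shorter than the 64-byte SHA-1 block size before use, so appending zero bytes to a short key does not change the MAC.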