A query about TOTP input length

bdauvergne / python-oath

Python implementation of HOTP, TOTP and OCRA algorithms from OATH

BSD 3-Clause "New" or "Revised" License

128 stars 35 forks source link

A query about TOTP input length #29

Closed LangLEvoI closed 8 years ago

LangLEvoI commented 8 years ago

I am confused the key_seed with key_sha512.

In RFC 6238, Sha-1 string is '12345678901234567890' (20 bytes) Sha-512 string is '1234567890123456789012345678901234567890123456789012345678901234' (64 bytes)

In your test unit, it is a key_seed = '1234567890', I am not really understand it's mean.

for example, I have a original key(or key_seed?) is '12345678901234567890123456789012' (32 bytes), I would like to use Sha-512 hash, what is my Sha-512 string? double original key(64 bytes)?

bdauvergne commented 8 years ago

Key can be any octet string (even empty) encoded as hexadecimal, there is no imposed length see https://en.wikipedia.org/wiki/Hash-based_message_authentication_code for the reason why.