TOTP not returning correct codes for seeds with length 26 characters

hgfischer / go-otp

Package go-otp implements one-time-password generators used in 2-factor authentication systems like RSA-tokens. Currently this supports both HOTP (RFC-4226), TOTP (RFC-6238) and Base32 encoding (RFC-3548) for Google Authenticator compatibility

Other

203 stars 37 forks source link

TOTP not returning correct codes for seeds with length 26 characters #7

Open petrm opened 8 years ago

petrm commented 8 years ago

Hello, I discovered that the code is not returning correct values for this seed: HG3ST7NLZJJRASIQSLQLZH2EDV

Further testing has shown that all seeds in the same length produce an incorrect code. For timestamp 2016-05-21 07:00:37.995 +0200 CEST the value returned is 502621, but it should be 289787. I am not sure where to start debugging.

petrm commented 8 years ago

Ok, found the problem, the code assumes that the base32 string is padded.

f100024 commented 1 year ago

Please take a look https://github.com/hgfischer/go-otp/pull/12