Having issue with Mega.nz totp generation

[addicted-ai]

Hi, I'm trying to generate totp for mega.nz account which have 52 character secret. Google authenticator giving totp fine. But this js not working. Can you look into it.

[AyrA]

Same issue here. The problem seems to be the base32 implementation with padding:

A Base 32 string length always is a multiple of 8 characters, so the padding with = at the end is often not supplied because it can be deduced from the string length. Same for base64 by the way but with 4 instead of 8 characters.

The base32 implementation in this totp script is faulty though. Example:

var x=new jsOTP.totp(30,6);
x.base32tohex("AAAA====");
x.base32tohex("aaaa====");
x.base32tohex("aaaa");

The expected output for all these is "0000000000", but the padded ones are "0000008-400" and the unpadded one is "00000"

[ids93216]

Having same problem here

I found https://github.com/nextcloud/passman/issues/293 post and try to edit jsOTP code, but will cause some sites' key error (like Vultr), so I make some change:

if(base32.length % 8 == 4) for (i = i % 8; i > 0; i--) { bits += this.leftpad('0', 5, '0'); }

Put these in jsOTP.js line 34, between a while loop and "i = 0" in base32tohex function.

I think this might not be a best solution, but it work for me.