Closed teward closed 4 years ago
Such systems will want back the actual hex code when they ask. So if this does get accepted, it would be in the users' interest.
Merging #82 into master will decrease coverage by 0.28%. The diff coverage is 50%.
@@ Coverage Diff @@
## master #82 +/- ##
==========================================
- Coverage 97.91% 97.62% -0.29%
==========================================
Files 8 8
Lines 335 337 +2
==========================================
+ Hits 328 329 +1
- Misses 7 8 +1
Impacted Files | Coverage Δ | |
---|---|---|
src/pyotp/__init__.py | 93.33% <50%> (-6.67%) | :arrow_down: |
Powered by Codecov. Last update 041f5d3...bfa2e0f. Read the comment docs.
Thanks, this looks good.
RFC 4226 says the secret MUST be at least 128 bits. Your function would have the secret be 64 bits. I'm increasing the default length to 32. When using this and other security libraries, please pay attention to the cryptographic requirements of the underlying algorithms.
It appears that a hex secret cannot be used as the input secret for TOTP():

```python
import pyotp
import time
totp = pyotp.TOTP(pyotp.random_hex())
totp.now()
```

Is it only provided for third-party apps to use, and pyotp does not use it? I don't have a good understanding of the function of this. Can you help explain it to me?
Some TOTP systems don't accept Base32 input, and want hex. Create a simple 'random_hex' function that wraps around random_base32.
Such a system would be Sophos' XG Firewall when adding customized seeds. These require HEX keys, and there's no outright mechanism to create them here. This is a simple wrapper function added around preexisting random_base32 that provides HEX returns.
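An added example (not code from this pull request or from pyotp) for the question above about passing a hex secret to TOTP() and for the 128-bit remark: hex and Base32 are two encodings of the same key bytes, so a hex seed has to be re-encoded, not passed as-is, for a consumer that decodes Base32. It uses only the Python standard library; the helper names are hypothetical, and that TOTP() decodes its secret as Base32 is an assumption drawn from the thread.

```python
import base64, binascii, hashlib, hmac
import secrets, struct, time

MIN_SECRET_BITS = 128  # minimum shared-secret length required by RFC 4226

def random_hex_secret(nbytes=20):
    """Hypothetical helper (not pyotp's random_hex): hex text for nbytes random bytes."""
    if nbytes * 8 < MIN_SECRET_BITS:
        raise ValueError("secret must be at least 128 bits")
    return secrets.token_hex(nbytes)

def _b32decode(text):
    # Base32 secrets are often stored without '=' padding; restore it first.
    return base64.b32decode(text + "=" * (-len(text) % 8), casefold=True)

def hex_to_base32(hex_secret):
    """Re-encode the same key bytes from hex to Base32."""
    return base64.b32encode(bytes.fromhex(hex_secret)).decode("ascii").rstrip("=")

def base32_to_hex(b32_secret):
    return _b32decode(b32_secret).hex()

def misread_hex_as_base32(hex_secret):
    """What a Base32-only consumer gets from hex text: wrong bytes, or None on error."""
    try:
        return _b32decode(hex_secret)
    except binascii.Error:
        return None  # hex digits 0, 1, 8 and 9 are not in the Base32 alphabet

def hotp(key, counter, digits=6):
    """RFC 4226 HOTP (HMAC-SHA1 with dynamic truncation) over raw key bytes."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(key, unix_time, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter derived from the time step."""
    return hotp(key, int(unix_time) // step, digits)

if __name__ == "__main__":
    hex_secret = random_hex_secret()        # value for a system that wants hex
    b32_secret = hex_to_base32(hex_secret)  # same key for a Base32 consumer
    now = time.time()
    print("hex   :", hex_secret, totp(bytes.fromhex(hex_secret), now))
    print("base32:", b32_secret, totp(_b32decode(b32_secret), now))
    print("hex misread as Base32:", misread_hex_as_base32(hex_secret))
```

Both encodings print the same code because they decode to the same key bytes; the last line shows the mismatch when hex text is decoded as Base32.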