radprogrammer / rad-authenticator

Time-Based One-Time Password (TOTP) projects in Delphi with Google Authenticator compatible PIN number generation
Apache License 2.0

Support for Base16 and maybe later also Base64 shared secret keys #3

Closed MrDevGuy2K closed 11 months ago

MrDevGuy2K commented 2 years ago

With TOTP, a seed can be a string of random characters, usually 16-32 characters long. Currently, as I understand it, only Base32 strings are supported as shared secret keys for TOTP. Wouldn't it make sense to implement 16-32 random characters and maybe even later Base64 strings as shared secret keys (seeds) as well?

I think this would be helpful too!

darianmiller commented 11 months ago

Sorry, I completely missed your issue. The secret keys are commonly stored in encoded fashion using Base32, which I don't believe is in the RFC, but that is the standard practice when looking at the various OTP generators online. The only RFC guideline about the secret key itself is that it must be at least 128 bits in length, but they also recommend it to be 160 bits.
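The point discussed in this thread, as an added Python example (not code from rad-authenticator or from either commenter): Base32, Base16 and Base64 are only text encodings of the same raw key bytes, so the TOTP value depends on the decoded bytes and their length, not on the encoding. The function names are hypothetical, the sample key is the published RFC 6238 SHA-1 test key, and the length thresholds are the 128-bit minimum and 160-bit recommendation quoted above.

```python
import base64
import hashlib
import hmac
import struct

def decode_secret(text: str, encoding: str) -> bytes:
    """Decode a textual shared secret into the raw key bytes used by HMAC."""
    s = "".join(text.split())                 # drop spaces used for grouping
    if encoding == "base32":
        s = s.upper().rstrip("=")             # apps often show lowercase, unpadded
        return base64.b32decode(s + "=" * (-len(s) % 8))
    if encoding == "base16":
        return base64.b16decode(s.upper())
    if encoding == "base64":
        return base64.b64decode(s + "=" * (-len(s) % 4), validate=True)
    raise ValueError(f"unsupported encoding: {encoding}")

def key_strength(key: bytes) -> str:
    """Classify key length: 128 bits is the minimum, 160 bits is recommended."""
    bits = len(key) * 8
    if bits < 128:
        return "too short"
    return "minimum" if bits < 160 else "recommended"

def totp(key: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP using HMAC-SHA1 and RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# Sample input: the RFC 6238 SHA-1 test key, re-encoded three ways here.
RFC_KEY = b"12345678901234567890"
SAMPLES = {
    "base32": base64.b32encode(RFC_KEY).decode(),
    "base16": base64.b16encode(RFC_KEY).decode(),
    "base64": base64.b64encode(RFC_KEY).decode(),
}

if __name__ == "__main__":
    for enc, text in SAMPLES.items():
        key = decode_secret(text, enc)
        print(enc, text, key_strength(key), totp(key, 59))
```

A secret entered as 16 arbitrary text characters is only 128 bits if every byte is uniformly random, which is why generators encode random bytes rather than accept typed strings.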