riverrun / one_time_pass_ecto

No longer maintained - One-time password library with Ecto support (for Elixir)

`last` needs to be 1 or greater or the library doesn't work #11

Closed lleger closed 2 years ago

lleger commented 3 years ago

If you use 0 as the "last" value, the verification fails:

```elixir
secret = OneTimePassEcto.Base.gen_secret(32)
code = OneTimePassEcto.Base.gen_hotp(secret, 0)
OneTimePassEcto.Base.check_hotp(code, secret) # => false
```

But it works with 1:

```elixir
secret = OneTimePassEcto.Base.gen_secret(32)
code = OneTimePassEcto.Base.gen_hotp(secret, 1)
OneTimePassEcto.Base.check_hotp(code, secret) # => 1
```

Took me a while to figure this out! Seems like it would be good to document this somewhere?

riverrun commented 2 years ago

Sorry for the delay in getting back to you - there is just never enough time :)

I have added a little note to the documentation.

And for your information, I am deprecating this library, as I do not have the time and energy needed to devote to it. I have updated the README with recommendations for other one-time password libraries.
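A model of the behaviour reported in this issue, as an added example that is not part of the thread or the library's code: an RFC 4226 HOTP verifier that, for replay protection, only tries counters strictly greater than the last accepted one. The Python functions reuse the names `gen_hotp` and `check_hotp` for readability; the default `last` of 0, the look-ahead `window` of 3, the `Account` class and the RFC 4226 test secret are assumptions.

```python
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test secret (constructed input, not from the issue).
SECRET = b"12345678901234567890"


def gen_hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def check_hotp(token: str, secret: bytes, last: int = 0, window: int = 3):
    """Return the matching counter, or False if no counter matches.

    Assumed policy: only counters last+1 .. last+window+1 are tried, so a
    token generated at a counter <= last can never verify.
    """
    for counter in range(last + 1, last + window + 2):
        expected = gen_hotp(secret, counter)
        if hmac.compare_digest(expected.encode(), token.encode()):
            return counter
    return False


class Account:
    """Hypothetical server-side record holding the last accepted counter."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last = 0  # nothing accepted yet

    def login(self, token: str) -> bool:
        matched = check_hotp(token, self.secret, last=self.last)
        if matched is False:
            return False
        self.last = matched  # persist so the same token cannot be replayed
        return True


if __name__ == "__main__":
    print(check_hotp(gen_hotp(SECRET, 0), SECRET))  # counter 0 is not above last=0
    print(check_hotp(gen_hotp(SECRET, 1), SECRET))  # counter 1 is the first one tried
```

Under this policy the first token a client generates must use counter 1 when the server starts from `last = 0`, and the value returned on success is what the server stores as the new `last`.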