Closed indy-singh closed 4 years ago
Hi Indy,
nothing happens - an int with a leading zero is still an int. You can also take a look at the official TOTP test vectors - one of them has a leading zero: https://tools.ietf.org/html/rfc6238#appendix-B
Hi Stan,
Thanks for the quick answer. I should have tested this before asking the question.
In either case, for anyone else, the leading zero case does not matter:-
const string secret = "WEX4MILJJVROFSYRDG2YTRR2OBTHIM2K";
var base32Bytes = Base32Encoding.ToBytes(secret);
var totp = new OtpNet.Totp(base32Bytes);
var dateTime = new DateTime(2020, 09, 02, 16, 43, 30, DateTimeKind.Utc);
if (totp.VerifyTotp(dateTime, "073358", out var _, VerificationWindow.RfcSpecifiedNetworkDelay))
{
Console.WriteLine("yes");
}
if (SecurityDriven.Inferno.Otp.TOTP.ValidateTOTP(base32Bytes, 73358, () => dateTime))
{
Console.WriteLine("yes");
}
Thanks, Indy
Hi,
Playing around with the TOTP api, and I noticed that Validate method call takes in a
int
in the second parameter:-https://github.com/sdrapkin/SecurityDriven.Inferno/blob/554fedb6b8aeff48a51d9a6c8bccc62ab46c64ae/Otp/TOTP.cs#L87
What happens if the code has a leading zero (e.g. 094124)?
Thanks, Indy