Open TonyInTokyo opened 3 years ago
Thanks @TonyInTokyo - will investigate.
Any update on this? FYR https://github.com/Rookiestyle/KeePassOTP/tree/master/src/Yandex
Hi @TonyInTokyo - I'm afraid I haven't had a minute to look in to this. Do you by any chance have any documentation on this format?
@strongbox-mark Thanks for your prompt reply. Yandex is not using a public algorithm to generate the 2FA Codes. But the following projects implemented it anyway. Perhaps you can reference to them. https://github.com/norblik/KeeYaOtp https://github.com/Rookiestyle/KeePassOTP/tree/master/src/Yandex But I fully understand if you decide not to add non-standard/non-public things. In that case, you may close the ticket. Thank you.
Thanks @TonyInTokyo - Do you have any sample URLs or QR Codes for testing purposes? It might be an easy one... How are these encoded in regular KeePass entries? Is it an OTPAuth URL?
@strongbox-mark Hope the following information can help you. Field name in KeePass entrie: otp URL Format: otpauth://totp/Yandex.Mail:user?secret={SECRET}&digits=8&issuer=Yandex.Mail&yandexpin={YANDEXPIN}&encoder=yandex {SECRET}: 42 characters {YANDEXPIN}: 16 digits Generated result: 8 characters Use encoder=yandex to recognize
example: URL: otpauth://totp/Yandex.Mail:sampleuser?secret=QTBUC809YM5AZSQ2RD5P2L2RBWCCAAAAKRB6CRHY35&digits=8&issuer=Yandex.Mail&yandexpin=9587561238785123&encoder=yandex
Generated Result: qiecuklm
Hi @TonyInTokyo - Just had a quick look at this, it looks feasible but a quick attempt proved a little tricky, so I'll need to setup some codes for myself so that I can verify... Do you have a set of steps I could use to generate these codes myself and to see the URL and QR Codes? Do I need to setup a Yandex account? Install any apps?
@strongbox-mark I think you'll need a yandex account. No apps needed.
Please refer to the "I'm using Yandex Key version 3.0 and lower" part of the help page: https://yandex.com/support/id/authorization/twofa-on.html
Recently, keepass plugin KeePassOTP added the support for yandex OTP. Is it possible that strongbox adds the same feature? FYR https://github.com/Rookiestyle/KeePassOTP/releases