bug: Can't scan QR code when time-step value is not 30 - Githubissues

twofas / 2fas-ios

Source code for 2FAS iOS app

GNU General Public License v3.0

480 stars 35 forks source link

bug: Can't scan QR code when time-step value is not 30 #90

Closed hoptodesk closed 3 months ago

hoptodesk commented 3 months ago

Bug type

Error at runtime

App version

5.3.5

Device environment

iOS 17.4.1, iPhone 15

Bug description

There is a possible bug with 2FAS when an app generates a OTP code using a value other than 30 (such as 45 for example) for the time-step value with the SHA1 algorithm, 2FAS fails to scan the QR code and shows a message "This code is incorrect or not supported. Try again.".

While testing other OTP apps, they do not appear to have this issue and can support a time-step value other than 30 seconds.

Solution

No response

Additional context

No response

Acknowledgements

[X] This issue is not a duplicate of an existing bug report.
[X] I understand that security vulnerabilities should be reported to security@2fas.com instead of on GitHub.
[X] I have chosen an appropriate title.
[X] All requested information has been provided properly.

adocyn commented 3 months ago

@hoptodesk That's intentional. We're not planning to support other periods. For now at least. They're very rare and we would need to redone some parts of the app like e.g. widgets, which rely on 10s steps.