9front - general discussion about 9front
From: cinap_lenrek@felloff.net
To: 9front@9front.org
Subject: Re: [9front] Totp in factotum
Date: Fri, 17 Mar 2023 10:48:04 +0100
Message-ID: <C9FF62480A9B0C558D2F16A7FC133B81@felloff.net>
In-Reply-To: <4da1abf2-25e8-471d-9ecf-bc09ea182933@sirjofri.de>

so the key is base32 encoded binary, but the code
uses strlen() on the binary output?

the rfc uses hex encoding, not sure what is
used in practice. the issue with base32 is
that there are many different alphabets
for it. it is not as standardized as
base64.

this looks extremely fishy and wrong. what if
the binary secret contains nuls? how's the secret
generated? rfc6238 says it should be random
binary.

so i think the function needs to take a uchar*
for the key and a key-length field, which you
get from dec32() return value.

--
cinap
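
The length mismatch raised in this message, as an added example that is not part of the original mail or of the patch under discussion: it decodes a base32 secret and compares the key length taken from the decoder's return value with the one `strlen()` reports on the binary output. `b32decode`, `keylen_decoder` and `keylen_strlen` are hypothetical names, the RFC 4648 alphabet is an assumption, and the sample secret is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
typedef unsigned char uchar;
/* Hypothetical decoder for RFC 4648 base32 (A-Z2-7, case-insensitive, stops at '=').
 * Returns the number of bytes written, or -1 on a bad character or a full buffer. */
int b32decode(uchar *out, int nout, const char *in)
{
	static const char alpha[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
	unsigned long acc = 0;
	int bits = 0, n = 0;
	const char *p;
	for(; *in != '\0' && *in != '='; in++){
		if((p = strchr(alpha, toupper((uchar)*in))) == NULL)
			return -1;
		acc = (acc << 5) | (unsigned long)(p - alpha);
		if((bits += 5) >= 8){
			if(n >= nout)
				return -1;
			bits -= 8;
			out[n++] = (acc >> bits) & 0xff;
		}
	}
	return n;
}

/* Key length taken from the decoder's return value: correct for binary keys. */
int keylen_decoder(const char *b32)
{
	uchar key[64];
	return b32decode(key, 64, b32);
}

/* Key length taken with strlen() on the decoded bytes: stops at the first NUL. */
int keylen_strlen(const char *b32)
{
	uchar key[65] = {0};
	if(b32decode(key, 64, b32) < 0)
		return -1;
	return (int)strlen((char*)key);
}

int main(void)
{
	/* Constructed secret: base32 of 41 42 00 43 44 45 46 47 48 49 (NUL at offset 2). */
	const char *s = "IFBAAQ2EIVDEOSCJ";
	printf("decoder=%d strlen=%d\n", keylen_decoder(s), keylen_strlen(s));
	return 0;
}
```

With the constructed secret, an HMAC keyed by the `strlen()` length would use only the first 2 of the 10 key bytes.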

Thread overview: 7+ messages
2023-03-16 19:08 [9front] Totp in factotum (advice and code) sirjofri
2023-03-16 19:51 ` [9front] Totp in factotum sirjofri
2023-03-17  9:48   ` cinap_lenrek [this message]
2023-03-17 16:43     ` sirjofri
2023-03-18  1:42       ` cinap_lenrek
2023-03-21 20:10 ` [9front] Re: Totp in factotum (advice and code) sirjofri
2023-04-05  7:08   ` sirjofri