OTP Generation Bug

Problems with KyPass on iPhone should be reported in here
Post Reply
User avatar
TravisWooley
Posts: 3
Joined: Tue Aug 06, 2019 2:37 pm

OTP Generation Bug

Post by TravisWooley »

The OTP generation process ignores the custom settings for time (step), and I assume but haven't personally verified digit count (size). As a result it generates completely incorrect OTP tokens for custom time settings. For instance I have one that uses a 60 second time step. Both of the tokens generated in that 60 second window are incorrect.

If it helps I am using KeeOTP https://bitbucket.org/devinmartin/keeotp/wiki/Home to generate the OTP config. It correctly handles the token generation

User avatar
RedBug (Author)
Site Admin
Posts: 141
Joined: Tue Sep 25, 2018 6:12 pm
Contact:

Re: OTP Generation Bug

Post by RedBug (Author) »

You're right.. The digit argument was not used.
I've added it in the next version (available in the TestFlight) but I don't see anything about the time step argument in the RFC

How is the argument named ?
Could you give me the url ? Without the secret ;p

I use the specification as described in RFC6238

KyPass Documentation was updated.
Artisan developer iPhone/Mac, old demoscener & Kyuran owner.
RedBug / Kyuran

Ghost-CL
Posts: 1
Joined: Fri May 22, 2020 7:13 am

Re: OTP Generation Bug

Post by Ghost-CL »

There is another bug. You've described the parameter "digits" in the documentation. But this parameter is not taken into account. For Example, if I set the URI to:

Code: Select all

otpauth://totp/Example:alice@google.com?secret=DPJBSKY3EHWP3PXP&issuer=Example&digits=8
-> the TOTP is still 6 digits long. Could you please check this, too?

And I have another wish or feature request. I'm using KeeTrayTOTP because it can handle with Steam OTP. Could you please add this feature to KyPass? :)
Here is the Link to KeeTrayTOTP.

Post Reply