Comments (2)
Toreno96
commented on June 5, 2024
I went through the RFC 4226 to find if there's any recommendation for the default counter value and while there's no such recommendation mentioned explicitly, it seems they always use 0 in the examples. It could be a sane default.
Although I'm not 100% sure, considering the Key URI always requires the counter parameter, there's no default supported.
from onetimepass.
Toreno96
commented on June 5, 2024
Although I'm not 100% sure, considering the Key URI always requires the counter parameter, there's no default supported.
I just checked that if you choose to input the HOTP manually into the Google Authenticator, it won't ask about the counter, only the secret. So not only does the counter default to 0, the user cannot really change that.
In that case, +1 for this approach:
We should either support the default value (e.g.
-c 0)
as this preserves the default behavior from the Google Authenticator, and at the same time, extends it (by giving the user the control).
Also, I believe otp add hotp alias --counter 0 is much more clear than otp add hotp alias 0.
from onetimepass.
Related Issues (20)
- The app does not store `label` and `issuer` parameters
- Publish the app to the PyPI
- Document how to install the app on the mobile phone
- `add uri` command does not conform in 100% to the Key Uri Format specification HOT 1
- `secret` string is handled as-is, not interpreted as the Base32
- The counter in HOTP should be incremented _before_ the OTP is shown
- Error for invalid hash algorithm shows the implementation details
- Name `algorithm` is shadowed
- GH Actions `CI` stopped working; it tries to use Python `3.8` for PDM
- Fix docs' misinformation about Google Authenticator not supporting sync between devices
- `otp -k key` raises unhandled exception if the keyring is not installed
- Fix docs' invalid HOTP example
- Make sure `secret` is not injected in log files etc as plain text
- GH Action `CI` stopped working; `ModuleNotFoundError: No module named 'pip._vendor.html5lib'` HOT 1
- Consider changing `-a` to `-h` for `--hash_algorithm` option HOT 1
- Add command to echo the application's version
- `0.2.0` release candidate HOT 2
- Regression after renaming `*algorithm` variables
- `digits` is not optional
- Key URI provided by Google detected as invalid Base32 value HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from onetimepass.