#1821 Add OATH TOTP to OtpKeyProv

KeePass
closed
nobody
None
5
2014-02-02
2014-02-01
A Simmons
No

It would be useful to add OATH TOTP capabilities to the OtpKeyProv so that users can generate otps with google authenticator (or the yubico authenticator).

Discussion

  • wellread1

    wellread1 - 2014-02-02

    The OtpKeyProv HOTP authentication implementation encrypts the Secret Key with a small number of pre-calculated HOTPs. This method is not appropriate for TOTPs (among other issues, it would be necessary to pre-encrypt the Secret Key 172,800 2880 times to cover just one 24 hour period using the default 30 sec TOTP expiration period). Unfortunately it would be more difficult to implement secure authentication for TOTPs on a PC because the TOTP authenticator application can't be located behind a firewall like it is at Google or Microsoft cloud services.

     
    Last edit: wellread1 2017-01-26
  • Dominik Reichl

    Dominik Reichl - 2014-02-02
    • status: open --> closed
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks