It would be useful to add OATH TOTP capabilities to the OtpKeyProv so that users can generate otps with google authenticator (or the yubico authenticator).
The OtpKeyProv HOTP authentication implementation encrypts the Secret Key with a small number of pre-calculated HOTPs. This method is not appropriate for TOTPs (among other issues, it would be necessary to pre-encrypt the Secret Key 172,800 2880 times to cover just one 24 hour period using the default 30 sec TOTP expiration period). Unfortunately it would be more difficult to implement secure authentication for TOTPs on a PC because the TOTP authenticator application can't be located behind a firewall like it is at Google or Microsoft cloud services.
Log in to post a comment.
Sign up for the SourceForge newsletter:
You seem to have CSS turned off.
Please don't fill out this field.