Bitcoin Forum
Author Topic: Interested in creating an alternate 2FA app for Android?  (Read 1866 times)
CIYAM
Ian Knowles - CIYAM Lead Developer


July 15, 2013, 02:56:54 PM
 #21

I didn't check the details but I assume it does that for time synchronization.

That'd be another improvement for a version based on it : issue a warning (or disable the key altogether) if the device goes back in time. With the current version it's perfectly fine to enter flight mode, set the time at some point in the future, store the generated code and set the time back.

A good point and something for further investigation.

Oh, and btw, in case you missed this, Google Authenticator is open source (Apache License) : https://code.google.com/p/google-authenticator/

BTW as the CIYAM open source project uses MIT/X11 is that going to make it problematic to simply drop in that source code (as I am only interested in using the pretty much open slather licensing that MIT/X11 allows)?

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
btchip
CTO, Ledger


July 15, 2013, 03:08:59 PM
 #22

http://www.tldrlegal.com/compare?a=MIT+License&b=Apache+License+2.0+(Apache-2.0) seems to agree on merging code (with conditions, not replacing one with the other, of course)

(btw, great site name  Grin)

CIYAM
July 23, 2013, 12:10:22 PM
 #23

Well - I have put together my own version (to avoid licensing issues) that does "Google 2FA" now (the following sample source is using a test vector that I found in researching this so both the "key" and "tm" are hard-coded for the test):

Code:
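// Fragment: needs <cstdint> and <string> (with "using namespace std").
// base32::decode and hmac_sha1 are helpers from the poster's code base, not shown here.

// Shared secret as a base32 string (test vector), decoded to the raw key bytes.
string key( "MZXW633PN5XW6" );
string secret = base32::decode( key );

// Time counter, hard-coded for the test and packed as 8 big-endian bytes.
uint64_t tm = 43499885;
uint8_t challenge[ 8 ];
for( int i = 8; i--; tm >>= 8 )
   challenge[ i ] = ( uint8_t )tm;
string message( ( const char* )&challenge[ 0 ], 8 );

// HMAC-SHA1 of the packed counter under the secret (20-byte output).
uint8_t hash[ 20 ];
hmac_sha1( secret, message, hash );

// Dynamic truncation: the low nibble of the last byte selects a 4-byte window.
int offset = hash[ 19 ] & 0xf;
unsigned int truncatedHash = 0;
for( int i = 0; i < 4; ++i )
{
   truncatedHash <<= 8;
   truncatedHash |= hash[ offset + i ];
}

// Clear the top bit and keep the last six decimal digits.
truncatedHash &= 0x7fffffff;
truncatedHash %= 1000000;

// Left-pad with zeros to a six-character PIN.
string pin = to_string( truncatedHash );
while( pin.length( ) < 6 )
   pin = '0' + pin;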

It's much uglier than the 3 line algo using SHA256 but I guess I won't be lectured now for "rolling my own crypto" with it. Smiley

Also interestingly enough from what I've read Google Authenticator does *not* strictly adhere to the RFC (I think this might be due to the way it does base32 conversions as it doesn't deal with padding).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
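
Added example (not code from the thread or from CIYAM): a Python sketch of the two points raised above, decoding a base32 secret whose "=" padding is missing and refusing to generate a code once the clock has gone backwards. It is written in Python rather than the post's C++ because the standard library already provides HMAC-SHA1 and base32; the names b32_secret, GuardedTotp and ClockRollback are hypothetical, and persisting last_step across restarts is assumed to be done by the app.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (the value Google Authenticator uses)


def b32_secret(text):
    """Decode a base32 secret, restoring '=' padding that was left off."""
    cleaned = text.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # pad to a multiple of 8 characters
    return base64.b32decode(cleaned)      # raises binascii.Error on bad input


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class ClockRollback(Exception):
    """The device clock is behind a time step that was already used."""


class GuardedTotp:
    """TOTP generator that refuses to run once the clock has moved backwards."""

    def __init__(self, secret_b32, last_step=0):
        self.secret = b32_secret(secret_b32)
        self.last_step = last_step  # assumption: the app persists this value

    def code(self, unix_time):
        step = int(unix_time) // STEP
        if step < self.last_step:
            raise ClockRollback(
                f"step {step} is before last used step {self.last_step}")
        self.last_step = step
        return hotp(self.secret, step)


if __name__ == "__main__":
    # Public RFC 4226 test secret "12345678901234567890", base32 encoded.
    app = GuardedTotp("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    print(app.code(59))                  # RFC 6238 SHA-1 vector at T = 59 s
    print(b32_secret("MZXW633PN5XW6"))   # the unpadded key from the post
```

The guard only detects a rollback on the device that holds last_step; the verifying server still has to reject a code it has already accepted.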
CIYAM
July 24, 2013, 05:49:40 AM
 #24

Okay - I did find this fork of Google Authenticator: https://github.com/kaie/otp-authenticator-android but it still needs the Network permission to install the .apk.

I don't think it is worth 5 BTC to just remove this capability - but if someone would like to clone it and do just that then I will be happy to offer a 2 BTC reward.

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
kactech
July 24, 2013, 11:38:33 AM
 #25

Indeed, very little work Smiley
https://github.com/kactech/otp-authenticator-android/commit/ed1a664a23c75f53f813a690987060b042d134f0
binary
https://dl.dropboxusercontent.com/u/24177759/tmp/Google_Authenticator.apk
CIYAM
July 24, 2013, 11:54:00 AM
 #26

Indeed - I had no idea it would be a one-liner.

Well - if you don't mind could you also remove the "vibrate" permission (I don't see any reason for it to be doing that either) and then give me a BTC address.

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
kactech
July 24, 2013, 12:00:54 PM
 #27

Here you go https://github.com/kactech/otp-authenticator-android/commit/1591300b8c8a957e0db8222e3bfa0eda76e5b421
Binary updated.
But I have to check if it won't crash without vibra! Smiley
CIYAM
July 24, 2013, 12:05:11 PM
 #28

Thanks - and a promise is a promise so I will pay 2 BTC for this (you can PM the address if you don't want it public or just put it in a reply here).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
kactech
July 24, 2013, 12:11:21 PM
 #29

My BTC address 1KFy5cc4tkLXZm2FVKgeUxouMs4M7UYp7A
CIYAM
July 24, 2013, 12:16:04 PM
 #30

My BTC address 1KFy5cc4tkLXZm2FVKgeUxouMs4M7UYp7A

2 BTC sent - https://blockchain.info/tx/ff7973b3c7129562dc94a70ebcf2b848c19eb5d7aba60679b6701a17a699f34c - well done!

Also if you are interested in http://ciyam.org/open/?cmd=view&data=20121223024638595000&ident=M100V131&chksum=06d7fdb4 then I might put some BTC towards that.

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
kactech
July 24, 2013, 12:30:54 PM
 #31

Thank you CIYAM Open!
What great people here, why did I wait so long to join this forum?
Had to PM this MAN, incredible...