bb113 (OP)
|
|
June 24, 2012, 09:34:23 PM |
|
Psuedocode from wikipedia: function GoogleAuthenticatorCode(string secret) key := base32decode(secret) message := current Unix time ÷ 30 hash := HMAC-SHA1(key, message) offset := last nibble of hash truncatedHash := hash[offset..offset+4] //4 bytes starting at the offset Set the first bit of truncatedHash to zero //remove the most significat bit code := truncatedHash mod 1000000 pad code with 0 until length of code is 6 return code
Would it be possible to write a program that generates google authenticator OTPs on a TI89? Would it be too difficult to sync the time? Would it take too long to generate the OTP?
|
|
|
|
bb113 (OP)
|
|
June 25, 2012, 01:42:49 AM |
|
Is this a dumb or uninteresting question? I just want a device that never goes online to generate my OTPs.
|
|
|
|
gweedo
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
June 25, 2012, 02:15:03 AM |
|
The programs are written in http://en.wikipedia.org/wiki/TI-BASIC so you need to find a programmer for that language. BUT you do want a device that has a good track of time, and I don't even know if a TI-89 can keep track of time let alone if it is the wrong time it would be completely wrong and the you will never get the correct number to enter.
|
|
|
|
bb113 (OP)
|
|
June 25, 2012, 02:23:23 AM |
|
How accurate does the time need to be? My understanding is that there is a "grace period" so there are a number of different OTPs that would be accepted on the website end. Maybe I am wrong.
|
|
|
|
gweedo
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
June 25, 2012, 03:38:16 AM |
|
it is should be fairly accurate and the grace period isn't that long, I have implement google authenticator on some sites and it wants it too be pretty accurate. But honestly I don't think a TI-89 has any time and that is more important the grace period can always be tweaked in code.
|
|
|
|
Garr255
Legendary
Offline
Activity: 938
Merit: 1000
What's a GPU?
|
|
June 25, 2012, 03:40:46 AM |
|
I want one for my c64 10btc bounty!
|
“First they ignore you, then they laugh at you, then they fight you, then you win.” -- Mahatma Gandhi
Average time between signing on to bitcointalk: Two weeks. Please don't expect responses any faster than that!
|
|
|
bb113 (OP)
|
|
June 25, 2012, 03:46:24 AM |
|
it is should be fairly accurate and the grace period isn't that long, I have implement google authenticator on some sites and it wants it too be pretty accurate. But honestly I don't think a TI-89 has any time and that is more important the grace period can always be tweaked in code.
I would just read the unix time off some website and manually enter it in when I want to log on. Also, there are a bunch of programs that claim to keep track of time (I haven't tried any): http://www.ticalc.org/pub/89/basic/programs/time/
|
|
|
|
gweedo
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
June 25, 2012, 03:50:57 AM |
|
one of those did say it had an internal time system, that should be good enough if it keeps time well. now just get someone who knows of TI-Basic and your ready!
Also it may take too long to enter in the unix time into the program
|
|
|
|
Garr255
Legendary
Offline
Activity: 938
Merit: 1000
What's a GPU?
|
|
June 25, 2012, 03:52:39 AM |
|
one of those did say it had an internal time system, that should be good enough if it keeps time well. now just get someone who knows of TI-Basic and your ready!
Also it may take too long to enter in the unix time into the program
You would just enter it in advance then wait for the actual time to catch up to you Is that not obvious?
|
“First they ignore you, then they laugh at you, then they fight you, then you win.” -- Mahatma Gandhi
Average time between signing on to bitcointalk: Two weeks. Please don't expect responses any faster than that!
|
|
|
bb113 (OP)
|
|
June 25, 2012, 03:59:56 AM |
|
one of those did say it had an internal time system, that should be good enough if it keeps time well. now just get someone who knows of TI-Basic and your ready!
Also it may take too long to enter in the unix time into the program
How well are we talking. 1 second? 10 seconds?
|
|
|
|
bb113 (OP)
|
|
June 25, 2012, 04:23:05 AM |
|
I think manual entry would work as long as it only needs to be accurate to a few seconds. Really it is only the last few digits that would change.
edit: then again I have never worked with this so I don't know.
|
|
|
|
runlinux
|
|
June 25, 2012, 10:56:11 AM |
|
The big thing is you need hashing functions and I am fairly sure the TI-89 doesn't have that. I did do my share of programming on that bad boy 10 years ago...
I only havae my TI-86, so I can't help you out. Yes, I know I could emulate it...
|
|
|
|
bb113 (OP)
|
|
June 25, 2012, 07:15:22 PM |
|
gotta implement hmac-sha1 in TI-BASIC89
|
|
|
|
REF
|
|
June 26, 2012, 12:17:18 AM |
|
TI-89 does keep track of time. I use that calculator everyday. It has a built in clock, you can set the time format 12/24hrs, hour, minute, am/pm, choice the date format MM/DD/YY, year, and month.
|
|
|
|
bb113 (OP)
|
|
June 26, 2012, 02:32:52 AM |
|
I actually got mine lost/stolen, but would buy a new one anyway. Does it do unix time or just that format. Does it count seconds?
|
|
|
|
deusstultus
Newbie
Offline
Activity: 14
Merit: 0
|
|
July 04, 2012, 06:28:16 PM |
|
As stated, the only real issue you'd have with the hardware of the calculator is keeping track of time. TI89 has a real-time clock, and the backup battery (beneath the AAAs) will keep this running. The main concern is that you likely do not have efficient means of keeping the clock synchronized to a network time. Google's newest release of the app now even contains its own NTP task to fetch a time rather than using the phones. I haven't looked into it, but given the app, and the pseudo-code you posted, your grace period is exactly 30 seconds. How long you have remaining (the countdown in the app) is controled by the modulo 30 of the time seed used. I would expect that there are open implementations of SHA1 and the necessary hash functions you need in TI-BASIC89. Really should be quite simple to implement, just need to make sure you check that your clock is accurate fairly regularly.
|
|
|
|
bb113 (OP)
|
|
July 06, 2012, 04:02:12 AM |
|
As stated, the only real issue you'd have with the hardware of the calculator is keeping track of time. TI89 has a real-time clock, and the backup battery (beneath the AAAs) will keep this running. The main concern is that you likely do not have efficient means of keeping the clock synchronized to a network time. Google's newest release of the app now even contains its own NTP task to fetch a time rather than using the phones. I haven't looked into it, but given the app, and the pseudo-code you posted, your grace period is exactly 30 seconds. How long you have remaining (the countdown in the app) is controled by the modulo 30 of the time seed used. I would expect that there are open implementations of SHA1 and the necessary hash functions you need in TI-BASIC89. Really should be quite simple to implement, just need to make sure you check that your clock is accurate fairly regularly.
Do you think its something a novice could do? Also, I couldn't find any sha1 implementations after looking around.
|
|
|
|
unclemantis
Member
Offline
Activity: 98
Merit: 10
(:firstbits => "1mantis")
|
|
July 10, 2012, 10:39:29 PM |
|
My bank gives me a Token generate that I use when I sign into my bank account online. It displays a 6 digit number and they change every 30 seconds I think.
I belive Yubikey is based on the same thing. Just instead of displaying it on a screen it pastes it into the keyword buffer through the USB port or RFID.
It would be cool to have a token generator that doesn't cost $20.
|
|
|
|
unclemantis
Member
Offline
Activity: 98
Merit: 10
(:firstbits => "1mantis")
|
|
July 10, 2012, 10:43:38 PM |
|
It would be really cool if i could use my bank token generator or any token generator out there "WoW, etc..." for sites that support Yubikey, Google, etc.. Now THAT would be one hell of a bounty
|
|
|
|
Aseras
|
|
July 12, 2012, 08:44:28 PM |
|
Correct me if I'm wrong but if you can generate the codes, then anyone can do it which means it's useless. I thought most of these keys are salted with some specific to your account and I doubt youll be able to figure out what it is and I doubt the bank or wherever would tell you.
|
|
|
|
|