Generate Google Authenticator OTPs with a TI89?

[bb113]

Psuedocode from wikipedia:

Code:

function GoogleAuthenticatorCode(string secret)
     key := base32decode(secret)
     message := current Unix time ÷ 30
     hash := HMAC-SHA1(key, message)
     offset := last nibble of hash
     truncatedHash := hash[offset..offset+4]  //4 bytes starting at the offset
     Set the first bit of truncatedHash to zero  //remove the most significat bit 
     code := truncatedHash mod 1000000
     pad code with 0 until length of code is 6
     return code 

Would it be possible to write a program that generates google authenticator OTPs on a TI89? Would it be too difficult to sync the time? Would it take too long to generate the OTP?

[1714931924]

1714931924

[bb113]

Is this a dumb or uninteresting question? I just want a device that never goes online to generate my OTPs.

[gweedo]

The programs are written in http://en.wikipedia.org/wiki/TI-BASIC so you need to find a programmer for that language. BUT you do want a device that has a good track of time, and I don't even know if a TI-89 can keep track of time let alone if it is the wrong time it would be completely wrong and the you will never get the correct number to enter.

[bb113]

How accurate does the time need to be? My understanding is that there is a "grace period" so there are a number of different OTPs that would be accepted on the website end. Maybe I am wrong.

[gweedo]

it is should be fairly accurate and the grace period isn't that long, I have implement google authenticator on some sites and it wants it too be pretty accurate. But honestly I don't think a TI-89 has any time and that is more important the grace period can always be tweaked in code.

[Garr255]

I want one for my c64

10btc bounty!

[bb113]

it is should be fairly accurate and the grace period isn't that long, I have implement google authenticator on some sites and it wants it too be pretty accurate. But honestly I don't think a TI-89 has any time and that is more important the grace period can always be tweaked in code.

I would just read the unix time off some website and manually enter it in when I want to log on.

Also, there are a bunch of programs that claim to keep track of time (I haven't tried any):
http://www.ticalc.org/pub/89/basic/programs/time/

[gweedo]

one of those did say it had an internal time system, that should be good enough if it keeps time well. now just get someone who knows of TI-Basic and your ready!

Also it may take too long to enter in the unix time into the program

[Garr255]

one of those did say it had an internal time system, that should be good enough if it keeps time well. now just get someone who knows of TI-Basic and your ready!

Also it may take too long to enter in the unix time into the program

You would just enter it in advance then wait for the actual time to catch up to you Is that not obvious?

[bb113]

one of those did say it had an internal time system, that should be good enough if it keeps time well. now just get someone who knows of TI-Basic and your ready!

Also it may take too long to enter in the unix time into the program

How well are we talking. 1 second? 10 seconds?

[bb113]

I think manual entry would work as long as it only needs to be accurate to a few seconds. Really it is only the last few digits that would change.

edit: then again I have never worked with this so I don't know.

[runlinux]

The big thing is you need hashing functions and I am fairly sure the TI-89 doesn't have that. I did do my share of programming on that bad boy 10 years ago...

I only havae my TI-86, so I can't help you out. Yes, I know I could emulate it...

[bb113]

gotta implement hmac-sha1 in TI-BASIC89

[REF]

TI-89 does keep track of time. I use that calculator everyday. It has a built in clock, you can set the time format 12/24hrs, hour, minute, am/pm, choice the date format MM/DD/YY, year, and month.

[bb113]

I actually got mine lost/stolen, but would buy a new one anyway. Does it do unix time or just that format. Does it count seconds?

[deusstultus]

As stated, the only real issue you'd have with the hardware of the calculator is keeping track of time.  TI89 has a real-time clock, and the backup battery (beneath the AAAs) will keep this running.  The main concern is that you likely do not have efficient means of keeping the clock synchronized to a network time.  Google's newest release of the app now even contains its own NTP task to fetch a time rather than using the phones. I haven't looked into it, but given the app, and the pseudo-code you posted, your grace period is exactly 30 seconds.  How long you have remaining (the countdown in the app) is controled by the modulo 30 of the time seed used.  I would expect that there are open implementations of SHA1 and the necessary hash functions you need in TI-BASIC89.  Really should be quite simple to implement, just need to make sure you check that your clock is accurate fairly regularly.

[bb113]

As stated, the only real issue you'd have with the hardware of the calculator is keeping track of time.  TI89 has a real-time clock, and the backup battery (beneath the AAAs) will keep this running.  The main concern is that you likely do not have efficient means of keeping the clock synchronized to a network time.  Google's newest release of the app now even contains its own NTP task to fetch a time rather than using the phones. I haven't looked into it, but given the app, and the pseudo-code you posted, your grace period is exactly 30 seconds.  How long you have remaining (the countdown in the app) is controled by the modulo 30 of the time seed used.  I would expect that there are open implementations of SHA1 and the necessary hash functions you need in TI-BASIC89.  Really should be quite simple to implement, just need to make sure you check that your clock is accurate fairly regularly.

Do you think its something a novice could do? Also, I couldn't find any sha1 implementations after looking around.

[unclemantis]

My bank gives me a Token generate that I use when I sign into my bank account online. It displays a 6 digit number and they change every 30 seconds I think.

I belive Yubikey is based on the same thing. Just instead of displaying it on a screen it pastes it into the keyword buffer through the USB port or RFID.

It would be cool to have a token generator that doesn't cost $20.

[unclemantis]

It would be really cool if i could use my bank token generator or any token generator out there "WoW, etc..." for sites that support Yubikey, Google, etc..

Now THAT would be one hell of a bounty

[Aseras]

Correct me if I'm wrong but if you can generate the codes, then anyone can do it which means it's useless. I thought most of these keys are salted with some specific to your account and I doubt youll be able to figure out what it is and I doubt the bank or wherever would tell you.