Hi Simon,

Bring on two factor auth ;)

On 17/09/2012 4:24 PM, Simon Josefsson wrote:
> Andrew McGlashan <[email protected]> writes:
>
>> Hi Simon,
>>
>> Considering your blog post here:
>> http://www.advogato.org/person/jas/diary.html?start=31
>>
>> I thought you might be interested in the python script I created for
>> this task.
>>
>> http://ix.io/30h/py
>>
>> The script will look for the "service" files in the $HOME/.totp/
>> directory (for the user running the script).
>>
>> The .totp directory must be readable only by the user, i.e. have
>> permissions of 0700 ... each file in the directory will have the secret
>> used for the TOTP process (the secret does not need to be padded) as the
>> script will auto-pad as needed.
>>
>>
>> Use like this:
>>
>> oathtool --help
>> oathtool --service google
>> oathtool -s dropbox -v
>
> Hi! Nice indeed, would you mind posting your announcement to the
> [email protected] list? I'd consider supporting the same
> interface, although I would prefer to put the secret under ~/.config and
> to use either a file naming convention or a file format that would
> support different algorithms (HOTP vs TOTP, TOTP with different
> parameters etc). Maybe we could have some on-list discussion about it,
> I suspect others are interested in your work and hoping they might add
> something useful to the discussion.
>
> Having an enrollment service would be nice, i.e., 'oathtool --register
> dropbox' that would take a secret and add it to the local store.
>
> /Simon

I've got a much improved script [1] now, but it relies on having the gnupg module set up for python now.

If you give an interval, it uses HOTP.

There is a single parameter file that can set things -- command line options (if used) will override conf file settings.

The secret can be stored in the conf file as plain text or you can use a reference to a gpg encrypted secret file.

Here is a sample conf file:

$ cat /home/andrewm/.oathtool.conf
[google]
#secret = AAAABBBBCCCCDDDD
#digits = 8
secretfile = google.gpg

[dropbox]
#secret = AAAABBBBCCCCDDDDEEEEFFFFGG
secretfile = dropbox.gpg

You can now specify the number of digits, either in the conf file or as a command line option too.

Haven't got anything for registering a service yet.

If people use KeePass 2.x version, then they can also use a plugin [2] for TOTP which allows choice of 6 or 8 digits (7 is not there, but going greater than 6 digits just adds numbers to the left whilst keeping the first 6 unchanged).

KeePass also has a QR plugin [3] which is handy too when using the URI [4] for a TOTP setup.

Cheers

[1] http://ix.io/30X/py
[2] http://keepass.info/plugins.html#keeotp
[3] http://keepass.info/plugins.html#qrcodegen
[4] otpauth://totp/[email protected]?secret=aaaabbbbccccdddd

-- 
Kind Regards
AndrewM

Andrew McGlashan
Broadband Solutions now including VoIP

Current Land Line No: 03 9012 2102
Mobile: 04 2574 1827
Fax: 03 9012 2178
National No: 1300 85 3804

Affinity Vision Australia Pty Ltd
http://affinityvision.com.au
http://securemywireless.com.au
http://adsl2choice.net.au

In Case of Emergency -- http://affinityvision.com.au/ice.html
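As an added illustration of what the thread discusses (not Andrew's script or oath-toolkit code), the following Python reads a conf file in the same [service] layout, auto-pads an unpadded base32 secret, checks that a mode grants nothing to group or others, and generates HOTP (RFC 4226) and TOTP (RFC 6238) codes for a configurable digit count; the SAMPLE_CONF text is constructed, inline secrets stand in for the gpg secretfile reference, and the verification follows the published RFC test vectors.

```python
"""HOTP/TOTP generation driven by an oathtool-style conf file (added example)."""
import base64
import configparser
import hashlib
import hmac
import struct
import time

# Constructed conf text mirroring the [service] layout from the post; the
# post's "secretfile = x.gpg" indirection is out of scope here.
SAMPLE_CONF = """\
[google]
secret = AAAABBBBCCCCDDDD
digits = 8
[dropbox]
secret = AAAABBBBCCCCDDDDEEEEFFFFGG
"""


def parse_conf(text):
    """Return {service: {"secret": str, "digits": int}} from INI-style conf text."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return {s: {"secret": cp[s].get("secret"), "digits": cp[s].getint("digits", fallback=6)}
            for s in cp.sections()}


def is_private_mode(mode):
    """True when a stat() mode grants nothing to group or others (0600/0700 style)."""
    return (mode & 0o077) == 0


def decode_secret(secret):
    """Decode base32, adding the '=' padding a hand-typed secret usually lacks."""
    s = secret.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(decode_secret(secret), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    # Taking code mod 10**digits is why an 8-digit code ends with the 6-digit one.
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, digits=6, step=30, now=None):
    """RFC 6238: HOTP whose counter is floor(unix_time / step)."""
    t = int(time.time()) if now is None else now
    return hotp(secret, t // step, digits)


if __name__ == "__main__":
    for name, cfg in parse_conf(SAMPLE_CONF).items():
        print(name, totp(cfg["secret"], cfg["digits"]))
```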
