In that case, use the FreeOTP application; it supports SHA512.
Thank You
Sean Hulbert
Security Centric Inc.
A Cybersecurity Virtualization Enablement Company
StormCloud Gov, Protected CUI Environment!
Industry's most secure CMMC/iTAR virtual desktops!
FedRAMP MIL4 in process (RAR)
System Award Management
CAGE: 8AUV4
SAM ID: UMJLJ8A7BMT3
AFCEA San Francisco Chapter President
If you have heard of a hacker by name, he/she has failed, fear the
hacker you haven’t heard of!
Therefore, let him who desires peace prepare for war!!!
Epitoma Rei Militaris
On 2/14/2025 9:01 AM, Michael Jumper wrote:
On February 14, 2025 12:08:20 AM PST, "Skyrpan, Roman"
<[email protected]> wrote:
Hello everyone,
I encountered an unexpected issue.
Apache Guacamole 1.5.5 is installed.
Authentication is done via LDAP, followed by two-factor
authentication using TOTP.
The problem occurs at the two-factor authentication stage when the
QR code and the associated secret key information are displayed.
At the end of the secret key, ==== is appended.
On Android devices, Google Authenticator and other apps work
fine—both when scanning the QR code and when manually entering the
key. However, on Apple devices, the same Google Authenticator
throws an error when scanning the QR code, and when entering the
key manually, it generates completely incorrect codes for login.
The only modification made to the guacamole.properties file was
adding totp-mode sha256.
After discovering the issue, I tested all available encryption
methods and digit lengths, as well as regenerated the TOTP secret
completely, but nothing changed.
Has anyone encountered this issue before?
Kind regards
Roman
Google Authenticator does not support any mode but the default
(SHA-1). If you change totp-mode, you will not be able to use Google
Authenticator.
Historically, Google Authenticator has silently ignored the TOTP mode
and just assumed SHA-1, resulting in incorrect codes if totp-mode was
changed from the default. If you are seeing an error, it sounds like
they may have improved that behavior, at least on Apple devices.
Simply copying the key manually will omit the hash algorithm and
result in incorrect codes. If your TOTP application supports modes
beyond SHA-1, it will provide you with a method to input both the key
*and* the hash algorithm.
- Mike
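The two points in this thread, that a 32-byte secret shows up base32-encoded with trailing ==== padding, and that an app which ignores (or never receives) the algorithm and assumes SHA-1 produces codes the server rejects, can be checked with a small RFC 6238 implementation. The following is an added example written for this thread, not code from the Guacamole project or from any of the people quoted above. It assumes only the Python standard library and uses the RFC 4226/6238 reference seeds (ASCII digit strings) as constructed keys; the otpauth URI shape, label, and issuer are likewise constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlparse

# HMAC hash functions selectable by a TOTP server such as Guacamole's totp-mode (SHA-1 is the default).
ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

# Constructed keys: the RFC 6238 Appendix B reference seeds (ASCII digits), not real secrets.
SEED20 = b"12345678901234567890"                    # 20 bytes, the RFC's SHA-1 seed
SEED32 = b"12345678901234567890123456789012"        # 32 bytes, the RFC's SHA-256 seed
SEED64 = b"1234567890" * 6 + b"1234"                # 64 bytes, the RFC's SHA-512 seed


def b32_secret(key: bytes) -> str:
    """Base32-encode a raw key as it is displayed next to the QR code, padding included.
    A 32-byte key encodes to 52 characters plus four '=' padding characters."""
    return base64.b32encode(key).decode("ascii")


def b32_key(secret: str) -> bytes:
    """Decode a base32 secret; restores '=' padding in case an app or a user stripped it."""
    secret = secret.strip().replace(" ", "").upper()
    return base64.b32decode(secret + "=" * (-len(secret) % 8))


def hotp(key: bytes, counter: int, digits: int = 6, algorithm: str = "SHA1") -> str:
    """RFC 4226 HOTP with the HMAC hash chosen by `algorithm`."""
    mac = hmac.new(key, struct.pack(">Q", counter), ALGORITHMS[algorithm]).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: str, at: int, digits: int = 6, period: int = 30, algorithm: str = "SHA1") -> str:
    """RFC 6238 TOTP: HOTP over the time-step counter floor(at / period)."""
    return hotp(b32_key(secret), at // period, digits, algorithm)


def parse_otpauth(uri: str) -> dict:
    """Parameters an app receives from a scanned QR code. The defaults are what an app
    assumes when a parameter is absent, which is all it knows after manual key entry."""
    u = urlparse(uri)
    params = {k: v[0] for k, v in parse_qs(u.query).items()}
    params.setdefault("algorithm", "SHA1")
    params.setdefault("digits", "6")
    params.setdefault("period", "30")
    params["label"] = unquote(u.path.lstrip("/"))
    return params


def client_code_matches(secret: str, server_algorithm: str, client_algorithm: str, at: int) -> bool:
    """Would the code an app computes with client_algorithm be accepted by a server verifying
    with server_algorithm? An app that ignores the algorithm field behaves as client_algorithm='SHA1'."""
    return totp(secret, at, algorithm=client_algorithm) == totp(secret, at, algorithm=server_algorithm)


if __name__ == "__main__":
    secret = b32_secret(SEED32)
    print("displayed secret:", secret, "(ends with '====' because the key is 32 bytes)")
    # Constructed URI: a server configured for SHA-256 puts algorithm=SHA256 in the QR code.
    uri = f"otpauth://totp/Guacamole:roman?secret={secret}&issuer=Guacamole&algorithm=SHA256"
    print("from QR code  :", parse_otpauth(uri)["algorithm"])
    print("manual entry  :", parse_otpauth(f"otpauth://totp/Guacamole:roman?secret={secret}")["algorithm"])
    for alg in ALGORITHMS:
        print(f"code at T=59 with {alg}: {totp(secret, 59, digits=8, algorithm=alg)}")
    print("SHA-1 app against SHA-256 server accepted?", client_code_matches(secret, "SHA256", "SHA1", 59))
```

Running the script shows three different 8-digit codes for the same secret at the same time step, one per hash, which is exactly why an app that silently assumes SHA-1 fails against a server configured for SHA-256 or SHA-512. `parse_otpauth` also makes Mike's last point concrete: the `algorithm` parameter travels only in the QR code's otpauth URI, so a key typed by hand falls back to the SHA-1 default unless the app offers a separate field for the hash.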