Sorry, I misinterpreted what you wrote earlier: > Also... will there be documentation or source code provided for the OTP server running on 9dx.cc? The changelog for this version says "Theoretically, DXpeditions can set up their own OTP server"... but the theoretical becomes near impossible if there's no information provided on how it works! I'm sure it would also be good to have other eyes across that server, to make sure there's no vulnerabilities in it...
If you're looking for the client-side interaction with the server, you can find that contained in the file Network/FoxVerifier.cpp in the WSJT-X source code, which is available from https://sourceforge.net/projects/wsjt/files/wsjtx-2.7.0-rc7/wsjtx-2.7.0-rc7.tgz (for version 2.7.0). On Wed, Oct 23, 2024 at 12:15 AM Mark Jessop via wsjt-devel < wsjt-devel@lists.sourceforge.net> wrote: > Yes, I understand what TOTP is, thanks. > > What I'm interested in is details on what WSJT-X is sending to, and is > expecting back from the validation website, so that someone that wants to > set up an alternative server to 9dx.cc is able to do so. Just pointing to > an RFC is not sufficient for this - there will be implementation-specific > details that are important too. > > From what I understood the point here was that validation would not be > locked down to just one 'supplier' of keys. Otherwise - what's the point of > having that URL be a user-modifiable field? > > 73 > Mark VK5QI > > > On Wed, Oct 23, 2024 at 1:34 PM Brian Moran <brian.mo...@gmail.com> wrote: > >> One Time Passwords are something that many websites use now (with support >> of authentication/password apps like Google Authenticator, Microsoft >> Authenticator, 1password, etc.). They work by have a "Time Based One Type >> Password" that follows the methods outlined in RFC6238 (and predecessor >> RFCs). >> >> The 9dx.cc website, and the fox, share a reasonably large randomly >> generated OTP seed value (see the RFC for details). >> The fox generates an OTP code using this seed, and sends the code as part >> of the FT8 transmission. WSJT-X client software recognizes the code, and >> submits it to the 9dx.cc website along with the time that it was received. >> The website, having the same "seed" value that the DXpedition is using, >> generates the OTP code for the specified interval. The website checks the >> submitted code against the generated code, and if it matches, it returns a >> verified status. To assist with manual checking (OTP codes were originally >> used with the H44 dxpedition, before this feature was present in WSJT-X), >> the website will show the last five minutes of codes for a particular DX >> station. >> >> It's important that the website not reveal OTP codes in advance. >> -Brian N9ADG >> >> >> On Tue, Oct 22, 2024 at 2:50 PM DG2YCB via wsjt-devel < >> wsjt-devel@lists.sourceforge.net> wrote: >> >>> Hi Mark, >>> >>> As already mentioned several times in my video (and also demonstrated), >>> the new verification system works for both SuperFox mode and old-style Fox >>> mode. Regarding the 9dx.cc OTP server, Brian is the best person to contact. >>> >>> 73 de DG2YCB, >>> Uwe >>> _________________________________________ >>> German Amateur Radio Station DG2YCB >>> Dr. Uwe Risse >>> eMail: dg2...@gmx.de >>> Info: www.qrz.com/db/DG2YCB >>> >>> >>> Am 22. Oktober 2024 23:35:01 schrieb Mark Jessop <vk...@rfhead.net>: >>> >>>> Hi, >>>> >>>> Your video goes through setting up superfox mode, but my point is that >>>> there are possible configuration settings in that section that results in >>>> possibly odd behaviour. >>>> >>>> Is OTP mode intended to also be available for use in 'regular' fox mode? >>>> >>>> It would also be really nice to get an answer on the OTP server. >>>> >>>> 73 >>>> Mark VK5QI >>>> >>>> On Thu, Oct 17, 2024 at 10:56 PM Uwe, DG2YCB <dg2...@gmx.de> wrote: >>>> >>>>> Hi Mark, >>>>> >>>>> You will likely find my following video tutorial helpful: >>>>> https://www.youtube.com/watch?v=OtQcJK-kgwM >>>>> >>>>> 73 de DG2YCB, >>>>> Uwe >>>>> ________________________________________ >>>>> German Amateur Radio Station DG2YCB >>>>> Dr. Uwe Risse >>>>> eMail: dg2...@gmx.de >>>>> Info: www.qrz.com/db/DG2YCB >>>>> >>>>> >>>>> Am 17.10.2024 um 13:44 schrieb Mark Jessop via wsjt-devel: >>>>> >>>>> Hi, >>>>> >>>>> I've been experimenting with the new RC7, and I have noted that if OTP >>>>> transmissions are enabled and send text is also enabled, but I'm >>>>> transmitting as a 'regular' fox, it looks like the OTP message gets >>>>> transmitted in the second slot all the time (along with a truncated free >>>>> text message in the first slot). >>>>> CQ messages are not transmitted, nor are responses to calling stations. >>>>> I realise having OTP mode enabled in regular fox mode is not expected, >>>>> but it's something that *can* be set from the GUI... so something someone >>>>> might do accidentally. >>>>> >>>>> Also... will there be documentation or source code provided for the >>>>> OTP server running on 9dx.cc? The changelog for this version says >>>>> "Theoretically, >>>>> DXpeditions can set up their own OTP server"... but the theoretical >>>>> becomes >>>>> near impossible if there's no information provided on how it works! >>>>> I'm sure it would also be good to have other eyes across that server, >>>>> to make sure there's no vulnerabilities in it... >>>>> >>>>> Thanks, >>>>> Mark VK5QI >>>>> >>>>> >>>>> _______________________________________________ >>>>> wsjt-devel mailing >>>>> listwsjt-devel@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/wsjt-devel >>>>> >>>>> >>>>> >>> _______________________________________________ >>> wsjt-devel mailing list >>> wsjt-devel@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/wsjt-devel >>> >> _______________________________________________ > wsjt-devel mailing list > wsjt-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wsjt-devel >
_______________________________________________ wsjt-devel mailing list wsjt-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wsjt-devel
