Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Abrynos53010dany plans on publishing the code? asking for a friend
ewpratten3014710dDo you have any links to documentation for this?
flocke31810dYeah, the HOTP RFC, on which TOTP is based as well actually allows for a variable length of the token. 6 is just recommended as the minimal value, I assume that's why it is used everywhere.
SecFreak607010dCloudFlare uses 7
@Abrynos maybe at a point where I'm not messing around with it anymore and looking to make it production viable.
Otherwise the RFC isn't too complicated if you've worked with base32 algos before.
Best doc I came across in my journeys last night which got me to the secret key/code
Still need to do the verification side of it.
If you use googles charts to generate a QR code, url encode the otpauth:// part.
Ok, so implementing the 8 digit code is not a good idea.
Android and blackberry ignore the digits part and just generates 6, which makes sense.... not.
Not even google follow the RFC 🤦♂️
Fuck my duck!
Back to 6 I go.
Hell I probably can't use huge base32 seeds either on other devices.
Your Job Suck?
Take a quick quiz from Triplebyte to skip the job search hassles and jump to final interviews at hot tech firms
Get a Better Job