I think I found a little bug in HOTP, or maybe it is a "calculated" behaviour.
I use OTPD as an authentication server, a project I reimported as http://code.google.com/p/otpd/, and I found
it incompatible if the key size is 41 chars. The problem lies in the input secret if the key is already in hexadecimal
format.
After some attempts, I modified the following code in the function "self.hotp":
from:

    sha1_hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new("SHA1"), secret,
                                        string_to_hex_value(count,8))

to:

    temp_string = ""
    # Turn each pair of hex digits in the secret into one raw key byte
    secret.scan(/../).each { |hexs|
      temp_string << hexs.hex.chr
    }
    sha1_hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new("SHA1"), temp_string,
                                        string_to_hex_value(count,8))

Hope it helps in some way.
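
The mismatch reported above, reproduced with the RFC 4226 test secret. This is an added example, not code from the post, from OTPD or from the library: the names hotp, decode_hex_secret and RFC_HEX_SECRET are hypothetical. It computes HOTP once with the hex secret decoded to raw bytes and once with the hex text used directly as the HMAC key, and it rejects an odd-length hex secret, because scan(/../) silently drops a trailing unpaired character.

```ruby
require "openssl"

# RFC 4226 test secret "12345678901234567890", written as 40 hex digits.
RFC_HEX_SECRET = "3132333435363738393031323334353637383930"

# HOTP (RFC 4226) over a raw-byte key; returns a zero-padded decimal string.
def hotp(key_bytes, count, digits = 6)
  counter = [count].pack("Q>")                      # 8-byte big-endian counter
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA1"), key_bytes, counter)
  offset = mac.getbyte(19) & 0x0f                   # dynamic truncation offset
  code = mac.byteslice(offset, 4).unpack1("N") & 0x7fffffff
  format("%0#{digits}d", code % 10**digits)
end

# Decode a hex-encoded secret to raw key bytes. Anything that is not a whole
# number of hex digit pairs is refused instead of being truncated.
def decode_hex_secret(hex)
  unless hex.match?(/\A(?:\h\h)+\z/)
    raise ArgumentError, "secret must be an even number of hex digits"
  end
  [hex].pack("H*")
end

if __FILE__ == $0
  decoded = hotp(decode_hex_secret(RFC_HEX_SECRET), 0)
  as_text = hotp(RFC_HEX_SECRET, 0)                 # hex string used as the key itself
  puts "decoded key : #{decoded}"                   # matches the RFC 4226 vector
  puts "hex as key  : #{as_text}"                   # a different code, so logins fail
end
```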