OTP Pins Are Different on OTP.NET and OTPTest WebSite

Question


I'm currently testing an OTP scenario using the website https://otptest.de/ and the OTP.NET library. However, I'm consistently getting different OTP PINs between my code and the website. I have provided my code in the following gist: text

I would appreciate any guidance on how to resolve this discrepancy and ensure that the OTP PIN generated by my code matches the one generated by the otptest.de website.

Tried otp scenario. Didn't generate same one with the website.

Answer 1

Score: 2


I've run into this myself. The "secret" provided by most OTP generators is BASE32-encoded. OTP.NET expects the decoded bytes as a secret.

The following code produces the same token as the test site. It uses the Base32Encoding helper class to decode the secret into the actual bytes:

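using OtpNet;

// Decode the Base32 text shown by the site into the raw key bytes.
var base32Bytes = Base32Encoding.ToBytes("MYM5VAQ");
var otp = new Totp(base32Bytes);

// TOTP for the current time, using the library defaults.
var token = otp.ComputeTotp();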
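
The decoding step described in this answer, checked against a published test vector. This is an added example, not the answerer's code: the class name and the fixed timestamp are assumptions for illustration, and the key is the RFC 6238 Appendix B test key written in Base32. It needs the Otp.NET NuGet package.

```csharp
using System;
using System.Text;
using OtpNet;

static class SecretDecodingDemo
{
    // RFC 6238 Appendix B: ASCII key "12345678901234567890", HMAC-SHA1,
    // 8 digits, Unix time 59 must give this code.
    const string RfcExpected = "94287082";

    // The same 20-byte key in the Base32 text form an OTP site or QR code shows.
    const string SecretAsShown = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ";

    // Arguments: key bytes, 30-second step, SHA-1, 8 digits (all stated explicitly).
    static string Compute(byte[] key, DateTime utc) =>
        new Totp(key, 30, OtpHashMode.Sha1, 8).ComputeTotp(utc);

    static void Main()
    {
        // Fixed UTC timestamp so the result does not depend on the local clock.
        DateTime t = DateTimeOffset.FromUnixTimeSeconds(59).UtcDateTime;

        // Mistake: the Base32 text itself is used as key material (32 bytes).
        byte[] textBytes = Encoding.ASCII.GetBytes(SecretAsShown);
        // Fix: decode the Base32 text to the real key first (20 bytes).
        byte[] keyBytes = Base32Encoding.ToBytes(SecretAsShown);

        string fromText = Compute(textBytes, t);
        string fromKey = Compute(keyBytes, t);

        Console.WriteLine($"undecoded text as key ({textBytes.Length} bytes): {fromText}");
        Console.WriteLine($"Base32-decoded key    ({keyBytes.Length} bytes): {fromKey}");
        Console.WriteLine($"codes differ: {fromText != fromKey}");

        // Only the decoded key may reproduce the RFC vector.
        if (fromKey != RfcExpected)
            throw new InvalidOperationException("decoded key does not match the RFC 6238 vector");
    }
}
```

Pinning the timestamp, step, hash and digit count removes every variable except the key bytes, so any remaining mismatch with another generator comes from how the secret was decoded.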

Answer 2

Score: 0


There are a few potential issues I see here:

  • Different OTP algorithms - The website may be using a different OTP algorithm than OTP.NET. The most common ones are TOTP (Time-based One-time Password) and HOTP (HMAC-based One-time Password). Make sure you are using the same algorithm in your code as the website.

  • Different time intervals - For TOTP, the time interval plays a role in the OTP generation. Ensure you are using the same time interval (usually 30 or 60 seconds) in your code as the website.

  • Different secret keys - The secret key is the most important part of OTP generation. Make sure the key you are using in your code exactly matches the one provided by the website.

  • Time synchronization issues - For TOTP, any time differences between your system clock and the server clock can cause issues. Try to sync your system time as precisely as possible.

Looking at your code, a few things stand out:

  • You are using TOTP, but don't specify a time interval. The default is 30 seconds, so if the website is using 60 seconds that would cause a discrepancy.

  • You generate a new secret key, instead of using the one provided by the website. This will definitely generate different OTPs.

  • There could be time sync issues, though less likely given that you generate a new OTP every 2 seconds.

My recommendations would be:

  • Get the secret key from the website and use that exact key in your code.

  • Specify the time interval, e.g. totp.GenerateTotp(key, 60).

  • Double check that your system time is precise.

  • Generate OTPs at the same interval as the website, e.g. every 60 seconds for a T60 key.

Making these changes should resolve the issue and have your code generate the same OTPs as the website.

Good luck to you

huangapple
  • This article was posted on June 13, 2023, 16:38:23
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76463097.html