User Tools

Site Tools


notes:python_google_authenticator_generator

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
notes:python_google_authenticator_generator [2013/04/02 12:10]
andy created
notes:python_google_authenticator_generator [2013/04/02 12:32]
andy
Line 7: Line 7:
 The secret key is a base-32 encoded string which the Python libraries require to be padded if it's not a multiple of 8 characters. To avoid this issue, the server should only generate keys that are such a multiple - I suggest the base-32 encoding of 10 random bytes, which should yield a 16-byte base-32 key. The secret key is a base-32 encoded string which the Python libraries require to be padded if it's not a multiple of 8 characters. To avoid this issue, the server should only generate keys that are such a multiple - I suggest the base-32 encoding of 10 random bytes, which should yield a 16-byte base-32 key.
  
-<​note>​The value returned by these functions is an `int`, which the Google applications zero-pad to 6 digits as required - bear this in mind if doing a string comparison.</​note>​+<​note>​The value returned by these functions is an ''​int''​, which the Google applications zero-pad to 6 digits as required - bear this in mind if doing a string comparison.</​note>​
  
 <code python google-generator.py>​ <code python google-generator.py>​
Line 22: Line 22:
 def get_totp_token(secret):​ def get_totp_token(secret):​
     return get_hotp_token(secret,​ intervals_no=int(time.time())//​30)     return get_hotp_token(secret,​ intervals_no=int(time.time())//​30)
 +</​code>​
 +
 +Until I get chance to put it somewhere else, here's an unrelated snippet to generate fairly secure keys from pycrypto:
 +
 +<code python>
 +>>>​ import Crypto.Hash.SHA256
 +>>>​ import Crypto.Protocol.KDF
 +>>>​ myprf = lambda p,s: Crypto.Protocol.KDF.HMAC.new(p,​ s, Crypto.Hash.SHA256).digest()
 +>>>​ Crypto.Protocol.KDF.PBKDF2("​password",​ "​salt",​ dkLen=32, count=5000, prf=myprf)
 +'​\x8f\xc2\xbc\xff\xbbK\x1a\xc9\xb9\xde\x03X\x8d9\x0f=\x9b\xf36\xc2\xc4B,​\x90\xc1X\xccqB%\xf6)'​
 </​code>​ </​code>​
notes/python_google_authenticator_generator.txt ยท Last modified: 2013/04/02 12:32 by andy