On Sat, 7 Nov 2015 22:03:04 +0100, Michael Ströder <[email protected]> wrote:
> Dieter Klünter wrote:
> > On Sat, 7 Nov 2015 14:33:22 +0100,
> > Michael Ströder <[email protected]> wrote:
> >
> >> Dieter Klünter wrote:
> >>> 6. added credentials by ldappasswd
> >>> userPassword::
> >>> e1RPVFAxfU5CVUVJNktFSk1ZRENOQlRHSTJUTVFLQ0lOQ0E9PT09
> >>
> >> I have not really tried the module myself yet but I note that the
> >> key is actually 21 bytes long (see below). Shouldn't that be 20
> >> bytes?
> >>
> >> Python 2.7.10 (default, May 24 2015, 14:46:10) [GCC] on linux2
> >>>>> 'e1RPVFAxfU5CVUVJNktFSk1ZRENOQlRHSTJUTVFLQ0lOQ0E9PT09'.decode('base64')
> >> '{TOTP1}NBUEI6KEJMYDCNBTGI2TMQKCINCA===='
> >>>>> s='NBUEI6KEJMYDCNBTGI2TMQKCINCA===='.decode('base64')
> >>>>> len(s)
> >> 21
> >
> > The TOTP1 string is base32 encoded, not base64.
>
> If it's sent to the Google Authenticator the base32-encoded form is
> appended to the totp:// URL. And looking at slapd-totp.c it seems
> you're also right regarding the storage format in 'userPassword':
>
> /* Key is stored in base32 */
>
> But still 17 bytes look strange to me:
>
> Python 2.7.10 (default, May 24 2015, 14:46:10) [GCC] on linux2
> >>> import base64
> >>> base64.b32decode('NBUEI6KEJMYDCNBTGI2TMQKCINCA====')
> 'hhDyDK0143256ABCD'
> >>> len(base64.b32decode('NBUEI6KEJMYDCNBTGI2TMQKCINCA===='))
> 17
>
> What's the correct length of your shared secret?

In fact I have tested with various lengths. You are correct that the key
in question is of 17 bytes.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
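
The two decoding layers discussed in this thread, as an added Python 3 example that is not part of the original messages or of slapd-totp: it unwraps the LDIF base64 layer, base32-decodes the key, reproduces the 21-byte misreading, and checks the key length against RFC 4226. The function names are hypothetical, and treating `{TOTP1}` as HMAC-SHA1 with a 30-second step and 6 digits is an assumption.

```python
import base64
import hashlib
import hmac
import struct

# userPassword value quoted in the thread (LDIF "::" marks base64 encoding).
LDIF_VALUE = "e1RPVFAxfU5CVUVJNktFSk1ZRENOQlRHSTJUTVFLQ0lOQ0E9PT09"


def split_stored(ldif_b64):
    """Undo the LDIF base64 layer and split '{SCHEME}key-text'."""
    stored = base64.b64decode(ldif_b64).decode("ascii")
    end = stored.index("}") + 1
    return stored[:end], stored[end:]


def decode_key(ldif_b64):
    """Return (scheme, raw key): the text after the scheme is base32."""
    scheme, text = split_stored(ldif_b64)
    return scheme, base64.b32decode(text)


def misread_key(ldif_b64):
    """The mistaken reading: the same text decoded as base64 (padding dropped)."""
    _, text = split_stored(ldif_b64)
    return base64.b64decode(text.rstrip("="))


def assess_key_length(key):
    """RFC 4226 R6: secret MUST be >= 128 bits, 160 bits RECOMMENDED."""
    bits = len(key) * 8
    if bits < 128:
        return "below 128-bit minimum"
    return "ok" if bits >= 160 else "below recommended 160 bits"


def totp(key, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 (assumed to be what {TOTP1} denotes)."""
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    scheme, key = decode_key(LDIF_VALUE)
    print(scheme, len(key), assess_key_length(key))
    print("misread length:", len(misread_key(LDIF_VALUE)))
```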
