![]() I did, and I certainly violated the trust of my employer by doing so. Ideally, you should therefore never even see your secret, and certainly not confine it to memory (or even worse, write it down). ![]() A correct code in those cases absolutely require physical control over a key. If, however, the secret is properly installed on a yubikey or similar, then it cannot be recovered, ever. Now, I feel the need to emphasize that this is a horrible solution which circumvents the entire purpose of the TOTP-scheme: If someone installs a key logger on your computer, observes what you type, tortures you, or even just browses through your machine if they get access to it, then they will get the secret - just as if it was a regular password, which is basically what the secret in the above case has been reduced to. However, if you want it really simple, then you can even do this interactively in the python shell with available libraries: In : import pyotp As for the one time code, the algorithm for TOTP is fairly simple and can be implemented in C or similar without much hassle. My secret was just 32 characters, so it was just another password to remember. punch in the key whenever you need a one time code.write a program for TOTP-codes in your favorite language.It wasn't pretty and head of security would have gone ballistic if they got word of it, but fortunately they never did. I was in a similar situation: My employer required TOTP for some purposes and I refused to acquire a smart phone for this.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |