Problem with OATH-TOTP on firmware 2.1.2 #141
Comments
@bwoznicki We have not received any other reports of issues with TOTP. You can test the OTP outputted by OnlyKey and compare to the expected output by using this site: https://totp.danhersam.com/
Yea I thought it was strange, I thought it might be the time issue, but simply downgrading fixed the issue instantly with the same setup on the slot. Might upgrade back to 2.1.2 and see if the issue persists.
I can only second @bwoznicki, OTPs generated are just totally wrong since the last upgrade.
Same, what worked for me originally is a downgrade followed by an upgrade; for some slots/sites the OTP is fine while for others it just spits out the wrong code. Looks like something causes it to go out of sync after a while. I have just logged off GitHub, logged back in and again the OTP is wrong. Happy to help with testing.
@bwoznicki I don't see any changes to TOTP in v2.1.1 vs v2.1.2 firmware. Can you provide a TOTP secret that generates a code different than this site on your OnlyKey (https://totp.danhersam.com/)? If I can replicate the issue I can fix it, but so far I have not been able to see any issues with TOTP. If time is correctly set on the computer where the OnlyKey app is running, the app sends the time to OnlyKey and that is used to generate TOTP on device.
I don't think this is easy to replicate as it takes time to go wrong. If I reset two-factor on GitHub now, it will work OK for a few months. I never used to save the secret so could not compare the failing one coming from OnlyKey to what I get from https://totp.danhersam.com/. Is it possible that the secret itself gets corrupted somehow on the key? Is it possible to retrieve the secret stored on the key?
I believe I found a solution; there must be a time sync problem. Just had two different OATH-TOTP failing. Closing/reopening the OnlyKey app / reconnecting the key fixed both. FYI @matbgn
Yeah but if you want to rely on it for work it's not an option unfortunately.
@bwoznicki Glad that worked for you. If removing the device and reinserting corrects the issue then I suspect the issue is time drift. The OnlyKey gets the correct time from the app when you first connect the device, but if you were to leave the OnlyKey plugged in for weeks or months it could have some time drift over a long period of time like this. As TOTP requires time to be within a 30 second window, if the device has time that is even slightly off it would require a resync by removing/reinserting the device.
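Added example (not part of the thread and not OnlyKey project code): a way to check the time-drift explanation above by computing RFC 6238 TOTP for neighbouring 30-second steps and reporting which step matches the code a device produced. The function names are hypothetical, HMAC-SHA1 is assumed, and the secret is the published RFC 6238 test key, not a real credential.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret_b32, unix_time, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def estimate_drift(secret_b32, observed_code, true_time, max_steps=240):
    """Return how many 30 s steps the generating clock is off by
    (negative = clock is behind), or None if no step within
    +/- max_steps reproduces observed_code."""
    digits = len(observed_code)
    # Try the closest steps first so the smallest drift wins.
    for n in sorted(range(-max_steps, max_steps + 1), key=abs):
        candidate = totp(secret_b32, true_time + n * STEP, digits)
        if hmac.compare_digest(candidate, observed_code):
            return n
    return None

# Constructed sample: RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    device_clock = 1111111109           # what the drifting device believes
    host_clock = device_clock + 5 * 30  # correct time, 150 s later
    code = totp(SAMPLE_SECRET, device_clock, digits=8)
    steps = estimate_drift(SAMPLE_SECRET, code, host_clock)
    print(f"device code {code} matches step offset {steps} "
          f"({steps * STEP} s relative to host time)")
```

A `None` result for a large `max_steps` means the code is not explained by clock offset alone, which points at the stored secret or algorithm settings instead.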
It's clearly a time drift but for me it happens within a very few hours (<4).
Acknowledging that this thread is a couple of years old so may no longer be an issue, but as it's still Open in case it is still an issue I just submitted a feature request that could help at least work around this time drift: https://onlykey.discourse.group/t/fido2-signcount-view-update-in-onlykey-app-cli-and-or-always-process-settime-oksettime-command-in-onlykey/1400 If the OnlyKey CLI
Still an issue from my perspective, so thank you 🙏
There seems to be a problem with the generated code for OATH-TOTP on firmware 2.1.2. I originally set up authentication on 2.1.1 and everything was working fine (Amazon / GitHub etc.). Recently I have noticed that the generated code never works; I have disconnected and reconnected the key, wiped the slot and reconfigured again several times with no luck. Downgrading to 2.1.1 seems to fix the problem.