While playing with the AuthBy SQLTOTP module, I came across a couple of errors in the documentation of the AuthSelect parameter (section 5.82.2 of the reference manual).
* The description and default query are missing field 6 (last_timestep). This is particularly unfortunate, because if you use the query from the documentation, or a similar query based on it that omits field 6, then you lose replay protection. (The actual default query in AuthSQLTOTP.pm is correct, however.) * The documentation describes field 0 as the HEX encoded AES secret. In fact, TOTP does not use AES, it uses HMAC-SHA1. The SQLHOTP doc contains the same error re AES - I haven't verified the query in the doc as I've not played with that module. Regards roy -- Roy Badami Roboreus Ltd Third Floor The Place 175 High Holborn London WC1V 7AA _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
