Many TOTP code generation apps do not support anything other than the SHA1
hash, even if the RFC recommends the use of SHA2 (SHA-256 or SHA-512). It is
difficult to get the exact info by platform and by application. I found this
article on the subject but it does not say what kind of non-default parameter
makes an application fail: Laban Sköllermark | Mobile Authenticator Apps
Algorithm Support Review - 2023 Edition (labanskoller.se)
For example, I could scan your code with Authy, MS Authenticator and Google
Authenticator on Android. Authy and MSA generated the same code, but not
Google. I do not know which one is correct (I could test on my Guacamole but do
not want to get locked out...)
If you want maximum compatibility, stay with sha1. The expiration of the time
based codes more than compensates for the "lower" security of sha1.
Cheers
Antoine
(PS: if you see some connection attempts from France, blame me, I could not
resist giving it a try...)
On Thursday, 5 October 2023 at 14:53:00 UTC+2, Giacomo Marconi
<[email protected]> wrote:
hi Nick
I’ve already tried default settings, and checked the time/date
Giacomo
On 5 Oct 2023, at 14:38, Nick Couchman <[email protected]> wrote:
On Thu, Oct 5, 2023 at 8:03 AM Giacomo Marconi <[email protected]>
wrote:
Hi All
in my last Guacamole installation (ver 1.5.3), the QR Code generated seems to be
wrong. The same TOTP App works only on one platform, for example Google
Authenticator reads the QR code in Android, but not in iOS. FreeOTP is working
in iOS, but not in Android! As you can see in the attachment the Secret Key is
strangely long. I’ve tried to change the plugin (1.5.3/1.5.2/1.5.1) and the Java
(Oracle JDK and OpenJDK) versions, without success.
Has this already happened to someone?
I think the usual questions that come up are:
* Are you trying to change any of the parameters related to TOTP, or are you
  using the defaults (digits, time, etc.)?
* Have you verified that the clock on your Guacamole server(s) and your
  mobile devices are in sync?
-Nick
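
The mismatch discussed in this thread, as an added example that is not part of the original messages or of Guacamole's code: an RFC 6238 TOTP generator applied to one enrolment URI, comparing an app that honours the URI's parameters with one that silently falls back to the defaults (SHA1, 6 digits, 30 s). The URI, the account name and the `ignored` argument are constructed for illustration; the key is the RFC 6238 test key.

```python
import base64
import hmac
import struct
from urllib.parse import parse_qs, urlparse

# Defaults an authenticator app assumes when a parameter is absent or unsupported.
DEFAULTS = {"algorithm": "SHA1", "digits": "6", "period": "30"}

def totp(key, unix_time, algorithm="SHA1", digits=6, period=30):
    """RFC 6238 TOTP: RFC 4226 HOTP computed over the time-step counter."""
    counter = struct.pack(">Q", unix_time // period)
    mac = hmac.new(key, counter, algorithm.lower()).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def parse_otpauth(uri):
    """Extract the key and TOTP parameters from an otpauth:// enrolment URI."""
    query = {k: v[0] for k, v in parse_qs(urlparse(uri).query).items()}
    params = {name: query.get(name, default) for name, default in DEFAULTS.items()}
    secret = query["secret"].upper()
    params["key"] = base64.b32decode(secret + "=" * (-len(secret) % 8))
    return params

def app_code(uri, unix_time, ignored=()):
    """Code shown by a (hypothetical) app that drops the `ignored` URI parameters."""
    p = parse_otpauth(uri)
    for name in ignored:
        p[name] = DEFAULTS[name]
    return totp(p["key"], unix_time, p["algorithm"], int(p["digits"]), int(p["period"]))

# Constructed enrolment URI: RFC 6238 test key, non-default algorithm and digits.
SECRET = base64.b32encode(b"12345678901234567890").decode()
URI = f"otpauth://totp/Example:alice?secret={SECRET}&algorithm=SHA256&digits=8&period=30"

if __name__ == "__main__":
    t = 59  # timestamp used by the RFC 6238 test vectors
    print("server / compliant app: ", app_code(URI, t))
    print("app ignoring algorithm: ", app_code(URI, t, ignored=("algorithm",)))
    print("app ignoring everything:", app_code(URI, t, ignored=tuple(DEFAULTS)))
```

Both apps scan the same QR code without error; only the app whose output matches the server's parameters will pass verification, which is why a non-default setting can work on one platform and fail on another.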