Hi Antoine
I have the same problem with default parameters (sha1).
The problem is only while scanning; if I copy and paste the secret key manually in the apps, ALL apps are working.

I am actually testing Guacamole 1.5.3 on 2 systems with the same problem:
- Ubuntu 22.0.4 host install from official docs
- Debian 12 using the script https://github.com/itiligent/Guacamole-Install

I am also trying it on Alpine with docker, but I don’t understand how to correctly populate the guacamole.properties with docker-compose (especially extensions).
Next step is to test with Tomcat8.

The production system (1.1.0) has been working since 2020 with about 500 users. I can’t migrate to the new and force people to use different totp apps or telling them to copy 56 chars :)

Giacomo

> On 5 Oct 2023, at 16:44, Antoine Besnier <[email protected]> wrote:
>
> Many TOTP code generation apps do not support anything else than SHA1 hash, even if the RFC recommends the use of SHA2 (SHA-256 or SHA-512).
> It is difficult to get the exact info by platform and by application. I found this article on the subject but it does not say what kind of non-default parameter makes an application fail: Laban Sköllermark | Mobile Authenticator Apps Algorithm Support Review - 2023 Edition (labanskoller.se)
>
> For example, I could scan your code with Authy, MS Authenticator and Google Authenticator on Android. Authy and MSA generated the same code, but not Google. I do not know which one is correct (I could test on my Guacamole but do not want to get locked out...)
>
> If you want maximum compatibility, stay with sha1. The expiration of the time based codes more than compensates for the "lower" security of sha1.
>
> Cheers
> Antoine
>
> (PS: if you see some connection attempts from France, blame me, I could not resist giving it a try...)
>
> On Thursday, 5 October 2023 at 14:53:00 UTC+2, Giacomo Marconi <[email protected]> wrote:
>
> hi Nick
>
> I’ve already tried default settings, and checked the time/date
>
> Giacomo
>
>> On 5 Oct 2023, at 14:38, Nick Couchman <[email protected]> wrote:
>>
>> On Thu, Oct 5, 2023 at 8:03 AM Giacomo Marconi <[email protected]> wrote:
>> Hi All
>>
>> in my last Guacamole installation (ver 1.5.3), the QR Code generated seems to be wrong.
>> The same TOTP App works only on one platform, for example Google Authenticator reads the qr code in Android, but not in iOS. FreeOTP is working in iOS, but not in Android!
>> As you can see in the attachment the Secret Key is strangely long.
>> I’ve tried to change the plugin (1.5.3/1.5.2/1.5.1) and the java (Oracle JDK and openJDK) versions, without success.
>>
>> Has it already happened to someone?
>>
>>
>> I think the usual questions that come up are:
>> * Are you trying to change any of the parameters related to TOTP, or are you using the defaults (digits, time, etc.)?
>> * Have you verified that the clock on your Guacamole server(s) and your mobile devices are in sync?
>>
>> -Nick
