1. Devin Martin
  2. KeeOtp
Issue #23 resolved

Error with characters - 0,1,8, and 9 deletes the key

Andrew Vineyard
created an issue

I've been having difficulties trying to copy an OTP code into my records, and after some sleuthing around, I discovered that for some strange reason the plugin refuses to accept those four numbers, and what it does is put the cursor back to the beginning of the line, and if you attempt to type any of the numbers again at the beginning of the line, it deletes the entire line. I don't understand why it doesn't accept those 4 numbers, but it's only those four. Every other number and every letter is read.

I can't even get the OTP plugin to read the key if I manually entered it into my record. As soon as I attempt to retrieve the 6 digit code, the plugin asks for a key, as if it doesn't see the current key.

Only steps to reproduce are to attempt to create a key, or even use a key, that has any one of those digits in it.

Thank you for your time in reviewing this issue. Have a good day.

Comments (5)

  1. Devin Martin repo owner

    The key entry mechanism uses Base32 encoding as described in RFC 4648. This standard is based around being easy for humans to type. This means it is case insensetive and omits several characters that can easly be confused. 0 (zero) has been omitted as it closely resembles o. Likewise 1 as it resembles i, 8 and B, 9 and and 6 or a.

    The older versions of KeeOtp would delete the key, I am not sure what the newer one is. In any case if your key has those characters it is either wrong, or using a different encoding. This is a known Issue (see #7 ) but hasn't really gained traction as all of the standard use cases for TOTP tend to follow Google's defacto standards and use base32.

    Do you happen to know the key encoding for certain?

  2. Andrew Vineyard reporter

    Unfortunately, I do not, but the site I use says they recommend I use Google Authenticator, which KeeOTP is suppose to be compatible with. So far the key looks like it's just hex characters.

    Edit: I got in contact with the site IT, and they said there's an issue with their OTP system. They're working on it, but it's slow going.

  3. Devin Martin repo owner

    If they are supposed to be compatible with the Google OTP implementation and are giving you 0, 8, and 9s in their key then there is most definitely a problem on their end. It is possible that they simply didn't encode properly.

    If they happen to be a .net shop they are welcome to use Base32

  4. Log in to comment