01-20-2020, 09:51 PM
I did something pretty cool today. The crypto exchange offers to use 2FA (aka Google Authenticator) when using their API.
Of course, you don't want to sit in front of the computer all day to enter the 6 digits code whenever the bot wants to make an API call.
I did some research and found out that Google Authenticator is essentially just an implementation of a 10 years old standard Internet protocol:
https://tools.ietf.org/html/rfc6238
A decent (but not working) implementation can be found at:
https://github.com/jamesliu96/totp
With that done, it is pretty cool, I can feed automatically 2FA codes from software. I have no need for Google Authenticator anymore to use 2FA. As an extra benefit, you can tweak the encryption used.
By default Google app use the SHA1 20 bytes digest to generate a 6 digits code. I did beef up the crypto to use SHA512 64 bytes long digest to generate a 8 digits code.
It works flawlessly... I can go to bed with a smile... I had fun day today...
Of course, you don't want to sit in front of the computer all day to enter the 6 digits code whenever the bot wants to make an API call.
I did some research and found out that Google Authenticator is essentially just an implementation of a 10 years old standard Internet protocol:
https://tools.ietf.org/html/rfc6238
A decent (but not working) implementation can be found at:
https://github.com/jamesliu96/totp
With that done, it is pretty cool, I can feed automatically 2FA codes from software. I have no need for Google Authenticator anymore to use 2FA. As an extra benefit, you can tweak the encryption used.
By default Google app use the SHA1 20 bytes digest to generate a 6 digits code. I did beef up the crypto to use SHA512 64 bytes long digest to generate a 8 digits code.
It works flawlessly... I can go to bed with a smile... I had fun day today...
