token2/authy
0
0
Fork 0
mirror of https://github.com/token2/authy.git synced 2026-03-13 11:10:55 -07:00
Code Issues Packages Projects Releases Wiki Activity
23 Commits 1 Branch 10 Tags
master
Commit Graph

23 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alex Zorin
0c25c0dd9a try fix 'go get' 2021-04-20 17:37:49 +10:00
Alex Zorin
64ee05f6b0 README: clarify authy apps 2020-10-24 18:43:41 +11:00
Alex Zorin
e81b4dcb3c README: describe the limitations of "Twitch Apps" 2020-10-24 18:13:43 +11:00
Alex Zorin
65c1e3e143 try fix travis builds v0.3.1 2020-10-20 08:08:36 +11:00
Kai Michael Poppe
6f70de9faf Repo Licensing (#10) 
To have GitHub show the License in the About box it must be in a seperate file.
v0.3.0 		2020-10-20 07:30:37 +11:00
Lukáš Zapletal
84eadf0a2e Added batch support (#11) 2020-10-20 07:29:43 +11:00
Dan Jones
0b202378b2 📚 Add installation instructions to README (#5) 
Add installation instructions to README
 2020-03-14 08:13:25 +11:00
Alex Zorin
5b8cf6adc0 missing continue in error case 2019-08-26 09:40:27 +10:00
Alex Zorin
17307ff610 Add support for "Authy Apps". 
For example, what Cloudflare and Humble Bundle used to use, and
what Twitch.tv uses currently.

The difference to the regular "authenticator tokens" seems to be
that the tokens are issued on a per-device basis, which presumably
makes them revocable. Since Authy is the authoritative issuer of
these tokens, they are not encrypted in the API. The other difference
is in the key length and the period (10 seconds rather than 30).

Fixes #3.
v0.2.0 		2019-08-26 09:29:37 +10:00
Alex Zorin
eac435bffd decrypt: the "constant time" comparison, wasn't 2019-07-30 19:38:54 +10:00
Alex Zorin
8b5c58d1d7 decryption: extra guard for padding bounds 2019-07-30 19:29:09 +10:00
Alex Zorin
3eabc63e63 decryption: perform sanity checking on padding 
Fixes the panic reported in #2
 2019-07-30 19:15:11 +10:00
Alex Zorin
89feca9414 README: document fix for "missing tokens" 
It may be necessary to force the Authy app to resynchronize its backups
before authy-export is able to see all of them.

Resolves #1.
 2019-07-30 08:40:21 +10:00
Alex Zorin
66bacad2aa Add fallbacks for token name if OriginalName unset 
Will use Name if it is available, and otherwise will use UniqueID, which
is not descriptive but should always be available.

Should fix one of the complaints reported in #1.
v0.1.2 		2019-07-30 06:48:06 +10:00
Alex Zorin
b6a562baec Allow debug printing of raw responses from Authy. 
To enable, run with environment variable:

    AUTHY_DEBUG=1

This will hopefully make it easier to investigate issues like #1.
 2019-07-29 11:14:36 +10:00
Alex Zorin
3dfaab9d67 ci: build Windows releases with .exe extension v0.1.1 2019-07-29 09:56:01 +10:00
Alex Zorin
75cb1898dc Fix CBC padding detection for unaligned secrets 
Unfortunately I had assumed that TOTP secrets are always aligned
to the AES block size (16 bytes), but this turns out not to be the
case.

As a result, these tokens would have been decrypted incorrectly.

This commit (hopefully) properly unpads the cleartext after decryption.
v0.1.0 		2019-07-23 08:32:28 +10:00
Alex Zorin
6786069cde BUG: Truncation of CBC padding was wrong 
Resulting in wrong decryption for large secrets. Whoops.
v0.0.4 		2019-07-14 10:43:51 +10:00
Alex Zorin
5e6fdc98b0 Update to Go 1.12.7 2019-07-14 10:21:04 +10:00
Alex Zorin
5019d28d69 Update README with importing hint v0.0.3 2019-07-13 17:35:00 +10:00
Alex Zorin
d397f9847e export: Base32 needs to be uppercase 2019-07-13 16:59:10 +10:00
Alex Zorin
664637bedf Add licence and try fix build v0.0.2 2019-07-13 16:49:09 +10:00
Alex Zorin
56ec588e36 Initial commit v0.0.1 2019-07-13 16:39:43 +10:00