Master branch and v2.0.0 tag produce different totp tokens

Question

Master branch and v2.0.0 tag produce different totp tokens

conorgil opened this issue 7 years ago · 3 comments

I have been banging my head on this for a while and need someone to either tell me what silly thing I'm doing wrong, or help me figure out why the master branch is broken:

package.json

{
  "dependencies": {
    "speakeasy_v200": "https://github.com/speakeasyjs/speakeasy#4e0aa91dee166306e07ea11e371d5a5df95f4391",
    "speakeasy_master": "https://github.com/speakeasyjs/speakeasy#cb58351b7eb829719dbee2df2ede53d97721e"
  }
}

main.js

let speakeasy_v200 = require('speakeasy_v200');
let speakeasy_master = require('speakeasy_master');

let secret = 'xhwb2ilzt5gqyxrz';

// The v2.0.0 branch produces a code which
// DOES match that produced by
// Google Authenticator, FreeOTP, etc
let token_v200 = speakeasy_v200.totp({
  secret: secret,
  encoding: 'base32'
});
console.log('v2.0.0 = %s', token_v200);

// The master branch produces a code which
// DOES NOT match anything...
let token_master = speakeasy_master.totp({
  secret: secret,
  encoding: 'base32'
});
console.log('master = %s', token_master);

if(token_v200 !== token_master) {
  console.log('WAT?!?!?!?!');
}

Now, install and run:

$> yarn install
...
$> node main.js
v2.0.0 = 922665
master = 616379
WAT?!?!?!?!

Any thoughts, comments, hints, suggestions, second set of eyes, etc, etc are seriously appreciated. Thanks!

Answer 1 · 2017-10-23T19:08:33.000Z

Any thoughts/comments from the maintainers?

Answer 2 · 2017-11-19T14:02:24.000Z

There are a LOT of changes between master and 2.0.0 and there hasn't been a release in a while, the API probably changed.

Answer 3 · 2021-02-05T10:07:45.000Z

The base32 secret shown in your example is not a multiple of 8 in length - therefore this bug may be cased by #135