twofas/2fas-ios

bug: Incorrect initial HOTP code

Opened this issue · 1 comment

Bug type

Error at runtime

App version

5.3.7

Device environment

iOS 17.5.1, iPhone 12 Pro

Bug description

I am facing an issue when generating OTP codes using HMAC. The first OTP code generated by 2FAS Auth does not match the first code generated by Google Authenticator or my Python code.

Details:

  • URI: otpauth://hotp/test?secret=NLDCKV3Z7PIWGHFHYEMFWQQN63AU44CP&counter=0

  • Secret Key: NLDCKV3Z7PIWGHFHYEMFWQQN63AU44CP

  • Example:
    Expected First OTP (Python/Google Authenticator): 695386 (index 0)
    Actual First OTP (2FAS Auth): 441203 (which matches the second (index 1) OTP in Google Authenticator and my Python code)
    I have tested this with other secret keys and the issue persists.

Comment

This discrepancy suggests that 2FAS Auth might be misaligning the OTP generation sequence or using a different starting point for the HMAC-based OTP calculation.

Solution

No response

Additional context

No response

Acknowledgements

  • This issue is not a duplicate of an existing bug report.
  • I understand that security vulnerabilities should be reported to security@2fas.com instead of on GitHub.
  • I have chosen an appropriate title.
  • All requested information has been provided properly.

Thank you. We'll check that out!
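
Added example, not code from the issue or from 2FAS: an RFC 4226 HOTP reference in Python that parses an otpauth://hotp URI like the one in the report and returns the counter offset at which an observed code appears, which is how an off-by-one starting counter shows up. The function names and the `window` parameter are this example's own.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import urlparse, parse_qs


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of last byte
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def parse_hotp_uri(uri: str):
    """Return (secret, counter) from an otpauth://hotp/... URI."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "hotp":
        raise ValueError("not an otpauth://hotp URI")
    params = parse_qs(parsed.query)
    if "secret" not in params or "counter" not in params:
        raise ValueError("hotp URI needs both secret and counter")
    return params["secret"][0], int(params["counter"][0])


def counter_offset(uri: str, observed: str, window: int = 5):
    """Offset from the URI's counter at which `observed` is generated.

    0 means the app started at the provisioned counter; 1 means it
    incremented before producing its first code. None: not in window.
    """
    secret, start = parse_hotp_uri(uri)
    for off in range(window):
        if hmac.compare_digest(hotp(secret, start + off), observed):
            return off
    return None


if __name__ == "__main__":
    # URI and first 2FAS code as given in the issue above.
    uri = ("otpauth://hotp/test"
           "?secret=NLDCKV3Z7PIWGHFHYEMFWQQN63AU44CP&counter=0")
    secret, start = parse_hotp_uri(uri)
    for c in (start, start + 1):
        print(c, hotp(secret, c))
    print("offset of 2FAS first code:", counter_offset(uri, "441203"))
```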