Hey guys, sorry for posting on a dead thread, but I just wrote a TOTP implementation for my TI-89, and I found this via Google. I wanted to let you know that it works!
Unfortunately, my code takes just over one minute to generate an OTP. This is using the TI-Basic language, which is really bad performance-wise. Plus, the bit shift and bit rotate functions keep generating warning messages. You can write programs for the TI-89 in C, so going that route would probably give you an answer in a more usable timeframe.
If there's still any interest in this subject, let me know. I could grab my old cable and upload the files for anyone else curious. Heck, I might take a stab at the C rewrite as my next project.
Edit: Here it is! https://www.github.com/divergentdave/TOTP-89
Topic: Generate Google Authenticator OTPs with a TI89? (Read 5683 times)
Checks mail for yubikey.
Nope!
Maybe Monday! :-(
Nope!
Maybe Monday! :-(
Correct me if I'm wrong but if you can generate the codes, then anyone can do it which means it's useless. I thought most of these keys are salted with some specific to your account and I doubt youll be able to figure out what it is and I doubt the bank or wherever would tell you.
Most/all OTP tokens generate OTPs based a hash function of either a Secret Key and The Time or a Secret Key and the Number of Keys Generated So Far.
The one I use for work is based on (as far as I can tell) a secret key and a counter. This is probably much less secure than a time-based OTP.
Correct me if I'm wrong but if you can generate the codes, then anyone can do it which means it's useless. I thought most of these keys are salted with some specific to your account and I doubt youll be able to figure out what it is and I doubt the bank or wherever would tell you.
It would be really cool if i could use my bank token generator or any token generator out there "WoW, etc..." for sites that support Yubikey, Google, etc..
Now THAT would be one hell of a bounty
Now THAT would be one hell of a bounty
My bank gives me a Token generate that I use when I sign into my bank account online. It displays a 6 digit number and they change every 30 seconds I think.
I belive Yubikey is based on the same thing. Just instead of displaying it on a screen it pastes it into the keyword buffer through the USB port or RFID.
It would be cool to have a token generator that doesn't cost $20.
I belive Yubikey is based on the same thing. Just instead of displaying it on a screen it pastes it into the keyword buffer through the USB port or RFID.
It would be cool to have a token generator that doesn't cost $20.
As stated, the only real issue you'd have with the hardware of the calculator is keeping track of time. TI89 has a real-time clock, and the backup battery (beneath the AAAs) will keep this running. The main concern is that you likely do not have efficient means of keeping the clock synchronized to a network time. Google's newest release of the app now even contains its own NTP task to fetch a time rather than using the phones. I haven't looked into it, but given the app, and the pseudo-code you posted, your grace period is exactly 30 seconds. How long you have remaining (the countdown in the app) is controled by the modulo 30 of the time seed used. I would expect that there are open implementations of SHA1 and the necessary hash functions you need in TI-BASIC89. Really should be quite simple to implement, just need to make sure you check that your clock is accurate fairly regularly.
Do you think its something a novice could do? Also, I couldn't find any sha1 implementations after looking around.
As stated, the only real issue you'd have with the hardware of the calculator is keeping track of time. TI89 has a real-time clock, and the backup battery (beneath the AAAs) will keep this running. The main concern is that you likely do not have efficient means of keeping the clock synchronized to a network time. Google's newest release of the app now even contains its own NTP task to fetch a time rather than using the phones. I haven't looked into it, but given the app, and the pseudo-code you posted, your grace period is exactly 30 seconds. How long you have remaining (the countdown in the app) is controled by the modulo 30 of the time seed used. I would expect that there are open implementations of SHA1 and the necessary hash functions you need in TI-BASIC89. Really should be quite simple to implement, just need to make sure you check that your clock is accurate fairly regularly.
I actually got mine lost/stolen, but would buy a new one anyway. Does it do unix time or just that format. Does it count seconds?
TI-89 does keep track of time. I use that calculator everyday. It has a built in clock, you can set the time format 12/24hrs, hour, minute, am/pm, choice the date format MM/DD/YY, year, and month.
gotta implement hmac-sha1 in TI-BASIC89
The big thing is you need hashing functions and I am fairly sure the TI-89 doesn't have that. I did do my share of programming on that bad boy 10 years ago...
I only havae my TI-86, so I can't help you out. Yes, I know I could emulate it...
I only havae my TI-86, so I can't help you out. Yes, I know I could emulate it...
I think manual entry would work as long as it only needs to be accurate to a few seconds. Really it is only the last few digits that would change.
edit: then again I have never worked with this so I don't know.
edit: then again I have never worked with this so I don't know.
one of those did say it had an internal time system, that should be good enough if it keeps time well. now just get someone who knows of TI-Basic and your ready!
Also it may take too long to enter in the unix time into the program
Also it may take too long to enter in the unix time into the program
How well are we talking. 1 second? 10 seconds?
one of those did say it had an internal time system, that should be good enough if it keeps time well. now just get someone who knows of TI-Basic and your ready!
Also it may take too long to enter in the unix time into the program
Also it may take too long to enter in the unix time into the program
You would just enter it in advance then wait for the actual time to catch up to you
Is that not obvious?
one of those did say it had an internal time system, that should be good enough if it keeps time well. now just get someone who knows of TI-Basic and your ready!
Also it may take too long to enter in the unix time into the program
Also it may take too long to enter in the unix time into the program
it is should be fairly accurate and the grace period isn't that long, I have implement google authenticator on some sites and it wants it too be pretty accurate. But honestly I don't think a TI-89 has any time and that is more important the grace period can always be tweaked in code.
I would just read the unix time off some website and manually enter it in when I want to log on.
Also, there are a bunch of programs that claim to keep track of time (I haven't tried any):
http://www.ticalc.org/pub/89/basic/programs/time/
I want one for my c64 
10btc bounty!
10btc bounty!
it is should be fairly accurate and the grace period isn't that long, I have implement google authenticator on some sites and it wants it too be pretty accurate. But honestly I don't think a TI-89 has any time and that is more important the grace period can always be tweaked in code.
How accurate does the time need to be? My understanding is that there is a "grace period" so there are a number of different OTPs that would be accepted on the website end. Maybe I am wrong.
Jump to: