Pages:
Author

Topic: Generate Google Authenticator OTPs with a TI89? (Read 5693 times)

newbie
Activity: 2
Merit: 0
December 05, 2014, 12:03:29 AM
#23
Hey guys, sorry for posting on a dead thread, but I just wrote a TOTP implementation for my TI-89, and I found this via Google. I wanted to let you know that it works!

Unfortunately, my code takes just over one minute to generate an OTP. This is using the TI-Basic language, which is really bad performance-wise. Plus, the bit shift and bit rotate functions keep generating warning messages. You can write programs for the TI-89 in C, so going that route would probably give you an answer in a more usable timeframe.

If there's still any interest in this subject, let me know. I could grab my old cable and upload the files for anyone else curious. Heck, I might take a stab at the C rewrite as my next project.

Edit: Here it is! https://www.github.com/divergentdave/TOTP-89
member
Activity: 98
Merit: 10
(:firstbits => "1mantis")
Checks mail for yubikey.

Nope!

Maybe Monday! :-(
member
Activity: 98
Merit: 10
Correct me if I'm wrong but if you can generate the codes, then anyone can do it which means it's useless. I thought most of these keys are salted with some specific to your account and I doubt youll be able to figure out what it is and I doubt the bank or wherever would tell you.

Most/all OTP tokens generate OTPs based a hash function of either a Secret Key and The Time or a Secret Key and the Number of Keys Generated So Far.

The one I use for work is based on (as far as I can tell) a secret key and a counter. This is probably much less secure than a time-based OTP.
hero member
Activity: 658
Merit: 500
Correct me if I'm wrong but if you can generate the codes, then anyone can do it which means it's useless. I thought most of these keys are salted with some specific to your account and I doubt youll be able to figure out what it is and I doubt the bank or wherever would tell you.
member
Activity: 98
Merit: 10
(:firstbits => "1mantis")
It would be really cool if i could use my bank token generator or any token generator out there "WoW, etc..." for sites that support Yubikey, Google, etc..

Now THAT would be one hell of a bounty Smiley
member
Activity: 98
Merit: 10
(:firstbits => "1mantis")
My bank gives me a Token generate that I use when I sign into my bank account online. It displays a 6 digit number and they change every 30 seconds I think.

I belive Yubikey is based on the same thing. Just instead of displaying it on a screen it pastes it into the keyword buffer through the USB port or RFID.

It would be cool to have a token generator that doesn't cost $20.
hero member
Activity: 728
Merit: 500
As stated, the only real issue you'd have with the hardware of the calculator is keeping track of time.  TI89 has a real-time clock, and the backup battery (beneath the AAAs) will keep this running.  The main concern is that you likely do not have efficient means of keeping the clock synchronized to a network time.  Google's newest release of the app now even contains its own NTP task to fetch a time rather than using the phones. I haven't looked into it, but given the app, and the pseudo-code you posted, your grace period is exactly 30 seconds.  How long you have remaining (the countdown in the app) is controled by the modulo 30 of the time seed used.  I would expect that there are open implementations of SHA1 and the necessary hash functions you need in TI-BASIC89.  Really should be quite simple to implement, just need to make sure you check that your clock is accurate fairly regularly.

Do you think its something a novice could do? Also, I couldn't find any sha1 implementations after looking around.
newbie
Activity: 14
Merit: 0
As stated, the only real issue you'd have with the hardware of the calculator is keeping track of time.  TI89 has a real-time clock, and the backup battery (beneath the AAAs) will keep this running.  The main concern is that you likely do not have efficient means of keeping the clock synchronized to a network time.  Google's newest release of the app now even contains its own NTP task to fetch a time rather than using the phones. I haven't looked into it, but given the app, and the pseudo-code you posted, your grace period is exactly 30 seconds.  How long you have remaining (the countdown in the app) is controled by the modulo 30 of the time seed used.  I would expect that there are open implementations of SHA1 and the necessary hash functions you need in TI-BASIC89.  Really should be quite simple to implement, just need to make sure you check that your clock is accurate fairly regularly.
hero member
Activity: 728
Merit: 500
I actually got mine lost/stolen, but would buy a new one anyway. Does it do unix time or just that format. Does it count seconds?
REF
hero member
Activity: 529
Merit: 500
TI-89 does keep track of time. I use that calculator everyday. It has a built in clock, you can set the time format 12/24hrs, hour, minute, am/pm, choice the date format MM/DD/YY, year, and month.
hero member
Activity: 728
Merit: 500
gotta implement hmac-sha1 in TI-BASIC89
hero member
Activity: 566
Merit: 500
The big thing is you need hashing functions and I am fairly sure the TI-89 doesn't have that. I did do my share of programming on that bad boy 10 years ago...

I only havae my TI-86, so I can't help you out. Yes, I know I could emulate it...
hero member
Activity: 728
Merit: 500
I think manual entry would work as long as it only needs to be accurate to a few seconds. Really it is only the last few digits that would change.

edit: then again I have never worked with this so I don't know.
hero member
Activity: 728
Merit: 500
one of those did say it had an internal time system, that should be good enough if it keeps time well. now just get someone who knows of TI-Basic and your ready!

Also it may take too long to enter in the unix time into the program

How well are we talking. 1 second? 10 seconds?
legendary
Activity: 938
Merit: 1000
What's a GPU?
one of those did say it had an internal time system, that should be good enough if it keeps time well. now just get someone who knows of TI-Basic and your ready!

Also it may take too long to enter in the unix time into the program

You would just enter it in advance then wait for the actual time to catch up to you Tongue Is that not obvious?
legendary
Activity: 1498
Merit: 1000
one of those did say it had an internal time system, that should be good enough if it keeps time well. now just get someone who knows of TI-Basic and your ready!

Also it may take too long to enter in the unix time into the program
hero member
Activity: 728
Merit: 500
it is should be fairly accurate and the grace period isn't that long, I have implement google authenticator on some sites and it wants it too be pretty accurate. But honestly I don't think a TI-89 has any time and that is more important the grace period can always be tweaked in code.

I would just read the unix time off some website and manually enter it in when I want to log on.

Also, there are a bunch of programs that claim to keep track of time (I haven't tried any):
http://www.ticalc.org/pub/89/basic/programs/time/
legendary
Activity: 938
Merit: 1000
What's a GPU?
I want one for my c64 Cheesy

10btc bounty!
legendary
Activity: 1498
Merit: 1000
it is should be fairly accurate and the grace period isn't that long, I have implement google authenticator on some sites and it wants it too be pretty accurate. But honestly I don't think a TI-89 has any time and that is more important the grace period can always be tweaked in code.
hero member
Activity: 728
Merit: 500
How accurate does the time need to be? My understanding is that there is a "grace period" so there are a number of different OTPs that would be accepted on the website end. Maybe I am wrong.
Pages:
Jump to: