
Topic: How to use 2-factor auth on mtgox, even without a smartphone - page 2. (Read 27356 times)

hero member
Activity: 899
Merit: 1002
https://github.com/gbraad?tab=activity

The guy who owns that github account last signed in 10 days ago, it's fine.
legendary
Activity: 1316
Merit: 1000

Can someone confirm it's safe to download the file given in this tutorial from the site github, because I don't know github & OP has not signed in since March - no offense, just a newbie donk
newbie
Activity: 43
Merit: 0

Wrong time zone on the offline computer?

I guess that mini xp doesn't have time zone setup!
I'll check it again today!

I did the 2fa setup for bitcoincentral with the same online comp and intend similar for mtgox until the yubikey arrives.
foo
sr. member
Activity: 409
Merit: 250
Or use the google authenticator app on an offline computer.

The clock on an offline computer will vary over time, which will make your otp give a bad result. Update the time manually if the otp it gives doesn't work.

I tried to set 2fa on mtgox using this method via an offline computer (mini winxp on hirens boot usb) and got a wrong otp. I had set the time and date the same to the second and got different otps. The otp generated online (same comp as mtgox session) matched well.

any advice, what is going wrong? thanks in advance!
Wrong time zone on the offline computer?
member
Activity: 98
Merit: 10
Or use the google authenticator app on an offline computer.

The clock on an offline computer will vary over time, which will make your otp give a bad result. Update the time manually if the otp it gives doesn't work.

I tried to set 2fa on mtgox using this method via an offline computer (mini winxp on hirens boot usb) and got a wrong otp. I had set the time and date the same to the second and got different otps. The otp generated online (same comp as mtgox session) matched well.

any advice, what is going wrong? thanks in advance!

This is most likely the clock creep issue.  The OTP only lasts for 30 seconds, so if the clock is wrong it will not be calculated for the correct time as observed by Mt. Gox.  The best solution is to use a system connected to a time (NTP) server, otherwise you'll have to update the clock manually.
newbie
Activity: 43
Merit: 0
Or use the google authenticator app on an offline computer.

The clock on an offline computer will vary over time, which will make your otp give a bad result. Update the time manually if the otp it gives doesn't work.

I tried to set 2fa on mtgox using this method via an offline computer (mini winxp on hirens boot usb) and got a wrong otp. I had set the time and date the same to the second and got different otps. The otp generated online (same comp as mtgox session) matched well.

any advice, what is going wrong? thanks in advance!
sr. member
Activity: 246
Merit: 250
Team Heritage Motorsports
and a Gox yubikey is only $29 last time I checked.

They sent me one for free, it is really a nice piece of hardware.

short press and long press. So you have built in additional press to withdraw
legendary
Activity: 2506
Merit: 1010
Two-factor provides security when every withdrawal or security change (e.g., change password, e-mail address, remove two-factor, etc.) action will require a new OTP to be entered.

This is addressed in this thread:

A plea to exchanges ... lets do 2 factor right!
 - https://bitcointalksearch.org/topic/a-plea-to-exchanges-lets-do-2-factor-right-109424

If your exchange or EWallet provider claims to have two-factor but doesn't do two-factor right, let them know otherwise they'll continue thinking they are protecting their customers which can be even worse, due to having a false sense of security ("oh ya, I have two factor -- I'm safe storing even larger amounts there now!").

Here's a list of EWallets where two-factor is offered:
 - http://bitcoin.stackexchange.com/a/4114/153
legendary
Activity: 1064
Merit: 1001
Excellent tutorial, and well written. We should see more like this!
member
Activity: 98
Merit: 10
As an alternative to deleting the entry (on computers rather than phones) when you're done, just store the entire GAuth directory on an encrypted volume (e.g. TrueCrypt) and only mount it when you need it.

That's a good idea, but it won't work. The GAuth page/app uses html5 localStorage, so the entry/"secret key" gets saved to the browser's data/cache folder, not to the folder with the GAuth html and javascript files.

You could edit the GAuth javascript file and replace the hardcoded example [email protected]. Then it would be contained in the Gauth folder.

Ah well, the Python script will be good enough for me.  Which takes care of that problem.
member
Activity: 98
Merit: 10
btw, if you use that python script, you have to add padding to the "secure private key" mtgox provides (other google auth apps will accept the secret key without padding). So "RPAAJZCGOW7NSAAJCFRCCHIN44" with base32 padding becomes "RPAAJZCGOW7NSAAJCFRCCHIN44======".

Code:
>>> import hmac, base64, struct, hashlib, time
>>> import onetimepass as otp
>>> my_secret = "RPAAJZCGOW7NSAAJCFRCCHIN44======"
>>> otp.get_totp(my_secret)
956735

Yep, that works.  Is there a way to report the number of seconds the OTP is valid for?  I can only see the check for whether it's true or false (and invoking that in the same script will always return true).
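An added example, not part of any post in this thread and not the onetimepass or GAuth code: a standard-library TOTP (RFC 6238, HMAC-SHA1) that pads the base32 key itself, reports how many seconds the current code has left, and measures how far an offline clock is from a generator known to be in sync. The function names and the 24-hour search range are assumptions made for this sketch.

```python
import base64, hashlib, hmac, struct, time

STEP = 30  # seconds per code window, the 30 s lifetime mentioned in the thread

def normalize_secret(secret):
    """Upper-case, drop spaces, and pad base32 to a multiple of 8 characters."""
    s = secret.replace(" ", "").upper().rstrip("=")
    return s + "=" * (-len(s) % 8)

def totp(secret, now=None, digits=6):
    """RFC 6238 code (HMAC-SHA1) for Unix time `now`; defaults to the local clock."""
    now = time.time() if now is None else now
    key = base64.b32decode(normalize_secret(secret))
    counter = struct.pack(">Q", int(now) // STEP)  # window number, 8 bytes big-endian
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def seconds_remaining(now=None):
    """Seconds until the current code is replaced by the next one."""
    now = time.time() if now is None else now
    return STEP - int(now) % STEP

def find_clock_offset(secret, good_code, local_now, max_windows=2880):
    """Return the seconds to add to the local clock so it yields `good_code`.

    Diagnostic for an offline machine: `good_code` comes from a generator that
    is known to be in sync. Windows are searched nearest first, up to +/-24 h,
    so a wrong time zone shows up as a multiple of 3600. Returns None if no
    window matches. A 6-digit code can collide by chance, so confirm the
    result against a second code.
    """
    for k in range(max_windows + 1):
        for signed in ((0,) if k == 0 else (k, -k)):
            if totp(secret, local_now + signed * STEP) == good_code:
                return signed * STEP
    return None

if __name__ == "__main__":
    secret = "RPAAJZCGOW7NSAAJCFRCCHIN44"  # example key quoted in the thread
    print(normalize_secret(secret))         # padded form the script expects
    print(totp(secret), "valid for", seconds_remaining(), "more seconds")
```

TOTP is computed from UTC-based Unix time, so a machine whose wall clock looks right but whose time zone is wrong produces codes for a window whole hours away.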
legendary
Activity: 826
Merit: 1001
rippleFanatic
As an alternative to deleting the entry (on computers rather than phones) when you're done, just store the entire GAuth directory on an encrypted volume (e.g. TrueCrypt) and only mount it when you need it.

That's a good idea, but it won't work. The GAuth page/app uses html5 localStorage, so the entry/"secret key" gets saved to the browser's data/cache folder, not to the folder with the GAuth html and javascript files.

You could edit the GAuth javascript file and replace the hardcoded example [email protected]. Then it would be contained in the Gauth folder.
member
Activity: 98
Merit: 10
As an alternative to deleting the entry (on computers rather than phones) when you're done, just store the entire GAuth directory on an encrypted volume (e.g. TrueCrypt) and only mount it when you need it.
full member
Activity: 164
Merit: 100
Nice work on the tut, very handy info! I will throw some your way as well soon, thanks!
legendary
Activity: 826
Merit: 1001
rippleFanatic
Very cool, thanks for the guide. Put up a donation address and I will send you a few bitcents for your trouble.

I also found that the HTML5 app works in Opera Mobile, so I now have Google Auth on my Nokia (Symbian) phone!

You're very welcome. tip jar: 1DUCK7StixdPxMCia8qgqQ6zoaGRdGRnqU
foo
sr. member
Activity: 409
Merit: 250
Very cool, thanks for the guide. Put up a donation address and I will send you a few bitcents for your trouble.

I also found that the HTML5 app works in Opera Mobile, so I now have Google Auth on my Nokia (Symbian) phone!
legendary
Activity: 826
Merit: 1001
rippleFanatic
Is it that if you have no phone you have to get a yubikey instead?
if you have no phone, you can use the html5 app.

And if you don't have a graphical front-end at all (text-only terminal console), there is a python script on github that does the hmac hash calculation for you.

h

btw, if you use that python script, you have to add padding to the "secure private key" mtgox provides (other google auth apps will accept the secret key without padding). So "RPAAJZCGOW7NSAAJCFRCCHIN44" with base32 padding becomes "RPAAJZCGOW7NSAAJCFRCCHIN44======".

Code:
>>> import hmac, base64, struct, hashlib, time
>>> import onetimepass as otp
>>> my_secret = "RPAAJZCGOW7NSAAJCFRCCHIN44======"
>>> otp.get_totp(my_secret)
956735
hero member
Activity: 615
Merit: 500
is there a way to use 2 factor auth on your bitcoin wallet?
hero member
Activity: 763
Merit: 500
Is it that if you have no phone you have to get a yubikey instead?
if you have no phone, you can use the html5 app.

And if you don't have a graphical front-end at all (text-only terminal console), there is a python script on github that does the hmac hash calculation for you.

h
legendary
Activity: 2940
Merit: 1090
This seems to assume you have a phone? Yet subject/title said even without one?

Is it that if you have no phone you have to get a yubikey instead?

-MarkM-