Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
zappem.net/pub/auth/otp
This package provides a Google Authenticator compatible One Time Pad (otp) implementation.
Automated documentation for this Go package is available from .
While the otp
package has no dependencies beyond the standard Go
packages, we include an example binary, example/main.go
, that serves
as a demonstration of using the package and includes the generation of
a QR code for enrolling a sample OTP config to the Google
Authenticator application. This generation uses the
github.com/skip2/go-qrcode
package.
To try this example:
$ go mod tidy
$ go build example/main.go
$ ./main
This will start a webserver listening to localhost:8080. The program generates a random new OTP secret each time it is invoked, and there is no lasting value to the generated key. But the compatibility with Google Authenticator can be validated using it. An example output looks like this:
The webserver:
shows an enrollment QR code for the stated secret. In a real
application, you would not normally show the 16 character base32
encoded secret like this. However, this secret or a copy of the QR
code can be used to backup your OTP setup. The QR code and the
secret will remain constant until you restart the main
program. That is, the QR code doesn't change if you refresh the
page.
shows three OTP codes one for each of the 30 seconds prior to, including, and just after the current time. If you refresh the page, these three codes may change if sufficient time has passed. If you import the QR code into Google Authenticator, you will see the OTP code for "myOTP: nobody@localhost" match one of these three codes. Which code depends on the time skew between your computer at the time you rendered the page and the time on your phone. If it takes a while to set things up, you may need to refresh the page to view a recent enough code.
given the way this OTP mechanism works, you can set up the same configuration on multiple phones and they will all generate the same OTP code sequences at the same times.
the --uri
command line flag for this example program inlines the
QR code using a data:image/png;base64,...
URI for the image data.
Without that flag, the image is generated as a separately loaded
qr.png
fetch.
The otp
package is distributed with the same BSD 3-clause license
as that used by golang itself.
Use the github otp
bug
tracker.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.