speakeasy
Advanced tools
Comparing version 1.0.1 to 1.0.2
@@ -5,2 +5,9 @@ Speakeasy | ||
| 1.0.2 | ||
| ===== | ||
| Bugfix release. | ||
| - Remove global leaks. Thanks for the fix, mashihua. | ||
| 1.0.1 | ||
@@ -7,0 +14,0 @@ ===== |
@@ -30,3 +30,3 @@ // # speakeasy | ||
| speakeasy = {} | ||
| var speakeasy = {} | ||
@@ -64,4 +64,4 @@ // speakeasy.hotp(options) | ||
| for (i = 0; i < 8; i++) { | ||
| i_from_right = 7 - i; | ||
| for (var i = 0; i < 8; i++) { | ||
| var i_from_right = 7 - i; | ||
@@ -137,6 +137,6 @@ // mask 255 over number to get last 8 | ||
| // calculate counter value | ||
| counter = Math.floor((time - initial_time)/ step); | ||
| var counter = Math.floor((time - initial_time)/ step); | ||
| // pass to hotp | ||
| code = this.hotp({key: key, length: length, encoding: encoding, counter: counter}); | ||
| var code = this.hotp({key: key, length: length, encoding: encoding, counter: counter}); | ||
@@ -216,3 +216,3 @@ // return the code | ||
| // return a SecretKey with ascii, hex, and base32 | ||
| SecretKey = {}; | ||
| var SecretKey = {}; | ||
| SecretKey.ascii = key; | ||
@@ -219,0 +219,0 @@ SecretKey.hex = this.ascii_to_hex(key); |
@@ -5,3 +5,3 @@ { | ||
| "description": "Easy two-factor authentication with node.js. Time-based or counter-based (HOTP/TOTP), and supports the Google Authenticator mobile app. Also includes a key generator. Uses the HMAC One-Time Password algorithms.", | ||
| "version": "1.0.1", | ||
| "version": "1.0.2", | ||
| "homepage": "http://github.com/markbao/speakeasy", | ||
@@ -8,0 +8,0 @@ "repository": { |
@@ -91,3 +91,3 @@ # speakeasy | ||
| * `step` (default `30`): the time step, in seconds, between new passwords (moving factor). `X` in the algorithm. | ||
| * `time` (default current time): the time to calculate the TOTP from, by default the current time. If you're doing something clever with TOTP, you may override this (see *Techniques & Patterns below*). `T` in the algorithm. | ||
| * `time` (default current time): the time to calculate the TOTP from, by default the current time. If you're doing something clever with TOTP, you may override this (see *Techniques* below). `T` in the algorithm. | ||
| * `initial_time` (default `0`): the starting time where we calculate the TOTP from. Usually, this is set to the UNIX epoch at 0. `T0` in the algorithm. | ||
@@ -115,3 +115,3 @@ * `length` (default `6`): the length of the resulting one-time password. | ||
| #### Techniques & Patterns | ||
| #### Techniques | ||
@@ -128,4 +128,4 @@ You can implement a double-authentication scheme, where you ask the user to input the one-time password once, wait until the next 30-second refresh, and then input the one-time password again. In this case, you can calculate the second (later) input by calculating TOTP as usual, then also verify the first (earlier) input by taking the current epoch time in seconds and subtracting 30 seconds to get to the previous step (for example: `time1 = (parseInt(new Date()/1000) - 30)`) | ||
| * `symbols` (default `true`): include symbols in the key? if not, the key will be alphanumeric, {A-Z, a-z, 0-9} | ||
| * `qr_codes` (default `false`): generate links to QR codes for each encoding (ASCII, hexadecimal, and base32). It uses the Google Charts API and they are served over HTTPS. A future version might allow for QR code generation client-side for security. **This is `false` by default, by design. Google uses it for their two-step setup. Do not use if you don't feel comfortable with it.** | ||
| * `google_auth_qr` (default `false`): generate a link to a QR code that you can scan using the Google Authenticator app. The contents of the QR code are in this format: `otpauth://totp/[KEY NAME]?secret=[KEY SECRET, BASE 32]`. **This is `false` by default, by design. Google uses it for their two-step setup. Do not use if you don't feel comfortable with it.** | ||
| * `qr_codes` (default `false`): generate links to QR codes for each encoding (ASCII, hexadecimal, and base32). It uses the Google Charts API and they are served over HTTPS. A future version might allow for QR code generation client-side for security. | ||
| * `google_auth_qr` (default `false`): generate a link to a QR code that you can scan using the Google Authenticator app. The contents of the QR code are in this format: `otpauth://totp/[KEY NAME]?secret=[KEY SECRET, BASE 32]`. | ||
| * `name` (optional): specify a name when you are using `google_auth_qr`, which will show up as the label after scanning. `[KEY NAME]` in the previous line. | ||
@@ -132,0 +132,0 @@ |
Worsened metrics
- Total package byte prevSize
- decreased by-0.25%
73681