Was encrypted storage of the secrets intentionally foregone?
Then pass-otp might be better… at least the secrets are stored gpg-encrypted then :)
The secrets will be saved as a hidden file named .mina.json in the home directory of the current user.
This doesn’t offer any protection against other users on the same machine. Encrypting the secrets is the way to go, but in the meantime you should do
to prevent other users from being able to view the file.
That’s susceptible to race conditions. You have to do a little umask dance before creating the file.
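The race raised in the comment above, as an added example (not part of the thread and not the tool's own code): creating the file and tightening its mode afterwards leaves a window in which it is readable under the default umask, while creating it private from the start does not. The function names, the `in_window` hook and the sample paths are hypothetical; a POSIX system is assumed.

```python
import json
import os
import stat


def mode_of(path):
    """Permission bits of path, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def write_then_chmod(path, secrets, in_window=None):
    """Racy pattern: the file exists with umask-default permissions first."""
    with open(path, "w") as fh:
        json.dump(secrets, fh)
    if in_window:                 # hypothetical hook: observes the file mid-window
        in_window(path)
    os.chmod(path, 0o600)         # too late for a reader that already has it open


def write_with_umask(path, secrets):
    """The umask dance: tighten the mask, create the file, restore the mask."""
    old = os.umask(0o077)         # process-wide setting, so not safe with threads
    try:
        with open(path, "x") as fh:   # "x" fails if the file already exists
            json.dump(secrets, fh)
    finally:
        os.umask(old)


def write_with_mode(path, secrets):
    """Same result without touching the umask: pass the mode to open(2)."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)  # the umask can only clear bits, never add
    with os.fdopen(fd, "w") as fh:
        json.dump(secrets, fh)
```

Both private variants refuse to write over an existing file, so updating stored secrets needs a new private file in the same directory followed by `os.replace()`.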
I’ve been using oathtool for a while. These tools are fun, and especially useful under an architecture like QubesOS where your TOTP VM can be separated by the hypervisor from the network and from the VM in which the login is occurring. Then you can have same-physical-device reasonably secure 2FA, and you only need a fuzzy clock sync between your TOTP VM and the world.
I’d have trouble trusting Python for something like this, just due to the chance of someone changing an important line subtly to steal secrets. Am I crazy?
What language doesn’t allow people changing important lines?
A reasonable question which might betray my insanity for preferring compiled languages for handling private authentication materials.
Surely it’s harder to see the suspicious modification in a compiled form. If you’re going to rely on hash checks, say, instead of inspection, I would think that would apply equally well to any executable.