Many TOTP code generation apps do not support anything else than SHA1 hash,
even if the RFC recommends the use of SHA2 (SHA-256 or SHA-512).It is difficult
to get the exact info by platform and by application. I found this article on
the subject but it does not say what kind of non-default parameter makes an
application fail: Laban Sköllermark | Mobile Authenticator Apps Algorithm
Support Review - 2023 Edition (labanskoller.se)
For example, I could scan your code with Authy, MS Authenticator and Google
Authenticator on Android. Authy and MSA generated the same code, but not
Google. I do not know which one is correct (I could test on my Guacamole but do
not want to get locked out...)
If you want maximum compatibility, stay with sha1. The expiration of the time
based codes more than compensates for the "lower" security of sha1.
CheersAntoine
(PS: if you see some connection attempts from France, blame me, I could not
resist giving it try...)
Le jeudi 5 octobre 2023 à 14:53:00 UTC+2, Giacomo Marconi
<g.marc...@comune.arezzo.it> a écrit :
hi Nick
I’ve already tried default settings, and checked the time/date
Giacomo
On 5 Oct 2023, at 14:38, Nick Couchman <vn...@apache.org> wrote:
| Questa email arriva da un mittente insolito. Assicurati che sia qualcuno di
cui ti fidi. |
On Thu, Oct 5, 2023 at 8:03 AM Giacomo Marconi <g.marc...@comune.arezzo.it>
wrote:
Hi All
in my last Guacamole installation ver 1.5.3), the QR Code generated seems to be
wrong.The same TOTP App works only on one platform, for example Google
Authenticator read the qr code in Android, but not in IOS. FreeOTP is working
in IOS, but not in Android!As you can see in the attachment the Secret Key is
strangely long.I’ve tried to change the plugin (1.5.3/1.5.2/1.5.1) and the java
(Oracle JKD and openJDK) versions, without success.
Is it already happened to someone ?
I think the usual questions that come up are:* Are you trying to change any of
the parameters related to TOTP, or are you using the defaults (digits, time,
etc.)?* Have you verified that the clock on your Guacamole server(s) and your
mobile devices are in sync?
-Nick
