(blog.singleton.io)

274 points alexmolas | 1 comments | 26 Jul 24 19:20 UTC | HN request time: 0.001s | source

Show context

guenthert ◴[27 Jul 24 07:31 UTC] No.41085020[source]▶

> To add the secret to the watchface code, you need to convert it to hexadecimal bytes. This cryptii.com page will allow you to do that conversion. Note you’ll have to enter your TOTP secret in uppercase.

I wouldn't be comfortable entering my TOTP secret into a random web page. In Linux (Ubuntu here, probably other distributions as well) you might have the `base32` and `od` tools already installed (package 'coreutils').

Otherwise the project is awesome (just the watch is fugly :))

replies(4): >>41085069 #>>41085463 #>>41087879 #>>41088189 #

pimlottc ◴[27 Jul 24 17:47 UTC] No.41088189[source]▶

>>41085020 #

If you must use a web app, you can at least use CyberChef, which runs entirely in the client and is widely used in security testing.

https://gchq.github.io/CyberChef/

replies(1): >>41089434 #

1. gchq-7703 ◴[27 Jul 24 21:22 UTC] No.41089434[source]▶

>>41088189 #

Example recipe to do it for you:

    https://gchq.github.io/CyberChef/#recipe=To_Upper_case('All')To_Base32('A-Z2-7%3D')

It looks like 'cryptii' also appears to do all processing client-side.

↑

TOTP tokens on my wrist with the smartest dumb watch