Adding OTP grid card functionality #131
Conversation
Generates and validates cards similar to this: http://www.entrust.com/wp-content/uploads/2013/08/card_back-patent.jpg Also, due to the bug I found in the random number generator, I am using mt_rand() instead.
|
Hi, |
|
I'm sorry but I find github ridiculously confusing and difficult to use. If you could do that for me, that would be awesome. I thought I did, but I guess it all went into one. Anyway, the commits on Sep 9 should be one PR and the ones on Sep 12 should be another PR. |
|
I just published a demonstration application using |
|
@hablutzel1 Oh hey. Neat! Glad you found the code useful. Keep in mind that compared with other two factor authentication methods, I would consider this to be significantly weaker, simply because it can be reproduced very easily. If you leave the card lying on your desk someone just has to pull out their phone and snap a picture of it and they have duplicated it 100%, whereas hardware dongles, or TOTP like Google Authenticator on your phone are not as easily duplicated. Also, if someone is able to intercept the values you send to the server, after 20-30 authentications they would have practically your whole card, unless you expire them. Then again, it's extremely cheap to produce and doesn't require a phone or expensive devices and does add another layer of security. My bank uses it too (which is where I got the idea from), so either it's not really that bad, or my bank is not really that good: |
I edited Core.php inline, but yet github is finding all these differences. I only added 3 new lines.