[COLUG] Enterprise Two Factor Authentication

Jim jep200404 at columbus.rr.com
Tue Mar 13 15:47:48 EST 2007


Earlier, I wrote:

> Better yet, use a common routine for the encoding. 

Something like the following. 

I don't write in PHP often, so I'll leave it to the student as 
an exercise to port my mix of C/PHP code to all PHP. 

/* convert hex digit characters in $s to binary,
*  then replace each $nBitsPerEncodedChar bits with character from $encoding */
function encode($s,$nBitsPerEncodedChar,$encoding)
{
   if (strlen($encoding)!=(1<<$nBitsPerEncodedChar)) {
      fwrite(STDERR, "strlen(\"$encoding\")!=(1<<$nBitsPerEncodedChar)\n");
      exit(1); /* non-zero exit status signals failure */
   }

   $j=0;
   $nBitsInJ=0; /* starting from lsb ("right-justified") */
   $encodedS="";
   for ($i=0;$i<strlen($s);$i++) {
      $j&=((1<<$nBitsInJ)-1); /* probably overly paranoid to compensate for ignorance of PHP's bit bucket handling */
      /* convert a hex digit character from $s to an integer,
      *  append those new bits to j */
      $j=($j<<4)|hexdec($s[$i]);
      $nBitsInJ+=4;

      /* as long as there are enough bits,
      *  convert $nBitsPerEncodedChar most significant bits
      *  of $nBitsInJ least significant bits of $j
      *  to character from $encoding. */
      for ( ;$nBitsInJ>=$nBitsPerEncodedChar;$nBitsInJ-=$nBitsPerEncodedChar)
         $encodedS.=$encoding[($j>>($nBitsInJ-$nBitsPerEncodedChar))
         & ((1<<$nBitsPerEncodedChar)-1)];
   }

   if ($nBitsInJ>0)
      $encodedS.=$encoding[$j & ((1<<$nBitsInJ)-1)]; /* leftover bits, right-justified */

   return $encodedS;
}

function getOTP64($s)
{
   return encode($s,6
   , "123456789abcdefhkmnprstuvwxyzABCDEFGHKMNPQRSTUVWXYZ=+[]&@#*{}.%:");
   /* What's the rationale behind the characters chosen for encoding? 
   *  Why '1'? Why no 'g'? */
}

function getOTP32($s)
{
   return encode($s,5,"0123456789abcdefghkmnoprstuvwxyz");
   /* What's the rationale behind the characters chosen for encoding? 
   *  Why '0', 'o' and '1'? Why no 'j' and 'q'? Why not uppercase? */
}

Better yet, instead of reinventing the wheel and NIH, 
why not use some other characterification function, 
perhaps, some MIME-ish characterification function? 

> Be at lunch on Friday. Bring a printout of your web page. 

Obviously, the need for printout is less now. Just bring camera and empty belly. 
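
The question above about using a MIME-ish encoding instead of a home-grown one, worked through as an added example that is not part of the original post: the same hex input encoded with RFC 4648 base64url (6 bits per character) and base32 (5 bits per character). The function names are hypothetical, the sample input is constructed, and the input is assumed to be an even-length hex string.

```php
<?php
// Added example, not from the original post. Function names are hypothetical.

// Turn a hex digest into raw bytes, rejecting anything that is not clean hex.
function hexToBytes(string $hex): string
{
    if ($hex === '' || strlen($hex) % 2 !== 0 || !ctype_xdigit($hex)) {
        throw new InvalidArgumentException('expected an even-length hex string');
    }
    return hex2bin($hex);
}

// 6 bits per character: base64url (RFC 4648 section 5), padding dropped.
function otpBase64Url(string $hex): string
{
    return rtrim(strtr(base64_encode(hexToBytes($hex)), '+/', '-_'), '=');
}

// 5 bits per character: RFC 4648 base32, padding dropped.
function otpBase32(string $hex): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bytes = hexToBytes($hex);
    $acc = 0;   // bit accumulator, new bits enter at the least significant end
    $nBits = 0; // number of not-yet-emitted bits held in $acc
    $out = '';
    for ($i = 0; $i < strlen($bytes); $i++) {
        $acc = (($acc << 8) | ord($bytes[$i])) & 0xFFFF;
        $nBits += 8;
        while ($nBits >= 5) {
            $nBits -= 5;
            $out .= $alphabet[($acc >> $nBits) & 0x1F];
        }
    }
    if ($nBits > 0) {
        // RFC 4648 zero-fills the final group on the right, so the
        // leftover bits end up left-justified within the last character.
        $out .= $alphabet[($acc << (5 - $nBits)) & 0x1F];
    }
    return $out;
}

// Constructed sample input: hex of the ASCII bytes "foobar".
$sample = '666f6f626172';
echo otpBase64Url($sample), "\n";
echo otpBase32($sample), "\n";
```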


