1 Reply Latest reply on May 31, 2013 12:25 PM by Steve Sommers

    Google TOTP Two-factor Authentication for Cold Fusion


      Hi Guys,



      We are working on implementing TOTP Two-factor Authentication in Coldfusion. We are refering a code which is in PHP and is working fine and is validating the token.


      Here is the link for the same: http://www.idontplaydarts.com/2011/07/google-totp-two-factor-authentication-for-php/


      But our coldfusion version is not authenticating tokens. It always returns false.


      Here are the few points which we feel can cause issue:


      1. Difference in the timestamp of server and our client: Is  there any method to find out the same, so that we can make adjustments to the timestamp value on our side?


      2. In PHP there is a code


      $binary_timestamp = pack('N*', 0) . pack('N*', $timestamp);


      and they said "The time-stamp first needs to be reduced into a binary string of 8 bytes. Since pack doesn’t support 64bit integers we use two unsigned 32 bit integers to make up the binary form."


      How to convert the above line of code to Coldfusion syntax.


      Right now, we are doing this


      <cfset binarystring  = left(formatBaseN(inputBaseN(arguments.counter,16),2),16)>


      Is this correct?


      3. The output of hash_mac function.



      Here is the code:


      <cffunction name="oath_totp" access="public" returntype="string">

           <cfargument name="counter" type="numeric" required="yes">

           <cfargument name="nkey" type="string" required="yes">


          <cfset binarystring  = left(formatBaseN(inputBaseN(arguments.counter,16),2),16)>


                          <cfset  hash = hmacSign(arguments.nkey,binarystring)>


                          <cfset truncatedHash = oath_truncate(hash)>



                          <cfreturn truncatedHash>




      Any help would be much appreciated.