Many 2FA apps require their users to leak their email or their phone number in order to use them, although the whole idea of having a TOTP app is to replace an insecure and non-private authentication such as that via email or phone. Since TOTP authentication does not rely on connecting to a server in order to generate OTP codes, there is no excuse for demanding from the users of the app their email and / or their phone number. The reason behind demanding such identifiers from the users is not only the business of spam but the collusion of the state with corporations, aka state capitalism. They are in the business of oppressing you, my dear reader.
The following code is a provisional solution of the issue:
```python
#!/usr/bin/env python3
import sys
from subprocess import DEVNULL, Popen, run
from time import sleep

# Install pyotp on first run if it is missing.
try:
    from pyotp import TOTP
except ImportError:
    run([sys.executable, "-m", "pip", "install", "pyotp"], check=True)
    from pyotp import TOTP

editor = "geany"
# Service name -> Base32 TOTP secret. The value below is a placeholder and is
# not valid Base32 (it contains 8 and 0); replace it with your own secret.
dctr_of_ks = {
    "tradeogre": "8XM7TRQLZNUK0K5QJZGOPAMYVN"}


def main():
    choose()


def choose():
    while True:
        ch = input("""What is it that you want to do? Specify with a number.
1. Display a TOTP code for a service of your choice.
2. Edit this program, for example to add a service requiring TOTP or to change a text editor.\n""")
        if ch == '1':
            key = display_menu(dctr_of_ks)
            if key is not None:  # None means the user pressed Q
                display_current_code(key)
            break
        elif ch == '2':
            # Open this file in the editor, detached from the terminal,
            # without passing the path through a shell.
            Popen([editor, __file__], stdout=DEVNULL, stderr=DEVNULL,
                  start_new_session=True)
            break


def display_menu(dctr_of_ks):
    """Return the secret of the selected service, or None if the user quits."""
    while True:
        print("Select a service:")
        for index, key in enumerate(dctr_of_ks.keys(), start=1):
            print(f"{index}. {key}")
        choice = input("Select the service with a number of your choice (or press Q to quit) ")
        if choice.lower() == 'q':
            print("Exiting...")
            return None
        try:
            index = int(choice)
            if 1 <= index <= len(dctr_of_ks):
                selected_key = list(dctr_of_ks.keys())[index - 1]
                print(f"You selected '{selected_key}'.")
                return dctr_of_ks[selected_key]
            else:
                print("Invalid choice. Please enter a valid number.")
        except ValueError:
            print("Invalid input. Please enter a number or Q to quit.")


def display_current_code(key):
    # Print the current code every 5 seconds; stop with Ctrl+C.
    totp = TOTP(key)
    while True:
        print(totp.now())
        sleep(5)


if __name__ == "__main__":
    main()
```
Provisional it is but it is at least private and transparent. And it can be improved upon. The code can be tweaked to provide more functionalities, such as support for QR codes, or enhanced security, such as reading the keys from an encrypted file with pass instead of hardcoding them in the source file. I might publish such tweaks in my later posts.
Consider creating an alias in .bashrc to conveniently access the app.
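Added example (not part of the original post and not pyotp's source): a standard-library-only TOTP per RFC 4226 / RFC 6238, showing that both generating and checking a code need nothing but the shared secret and a clock. The function names are hypothetical, `RFC_SECRET` is the RFC test key encoded as Base32, and `decode_secret` rejects strings such as the placeholder key in the script above, which contains characters outside the Base32 alphabet.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample: Base32 of the RFC 6238 test key b"12345678901234567890".
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
BASE32_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")


def decode_secret(secret_b32):
    """Decode a Base32 TOTP secret, rejecting characters outside A-Z and 2-7."""
    cleaned = secret_b32.replace(" ", "").rstrip("=").upper()
    bad = sorted(set(cleaned) - BASE32_ALPHABET)
    if not cleaned or bad:
        raise ValueError(f"not a Base32 secret, invalid characters: {bad}")
    # Authenticator secrets are often stored unpadded; restore the padding.
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238: HOTP with the counter set to the number of elapsed time steps."""
    now = time.time() if at is None else at
    return hotp(decode_secret(secret_b32), int(now // step), digits)


def verify(secret_b32, candidate, at=None, window=1, step=30):
    """Verifier side: accept codes within +/- window steps, constant-time compare."""
    now = time.time() if at is None else at
    return any(
        hmac.compare_digest(totp(secret_b32, now + i * step, step), candidate)
        for i in range(-window, window + 1)
    )


if __name__ == "__main__":
    print(totp(RFC_SECRET, at=59))
```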
I am not very familiar with the Python ecosystem. Is `from pyotp import TOTP` open source? Before looking through the code, I was thinking this script directly implemented the algorithm, but it looks like the code is more of a CLI wrapper around the above package, providing a management layer to create different TOTP seeds, etc.
reply
pyotp library is MIT-licensed. I do not create my own keys as I am not a service provider but you can create your own secrets that are compatible with Google authenticator with `pyotp.random_base32()`.
reply
sorry yea I meant import, not create.
Thank you for the follow up!
reply
More on `import` in Python: https://docs.python.org/3/reference/import.html
I almost always use it with `from` in order to avoid importing too much, in the case of this app to avoid importing HOTP, for example.
reply
Does that really matter when you just run local? I assumed the entire package would be installed from the package repository and then only certain parts are loaded into memory depending on the import syntax? I guess if you're concerned about memory usage, maybe it's valuable. But it isn't like client-side JS where the code is shipped to a client across a network.
Appreciate the discussion, btw :)
reply
> I guess if you're concerned about memory usage, maybe it's valuable. But it isn't like client-side JS where the code is shipped to a client across a network.

Correct. It is about memory. Also using `from` allows for using less repetitive and less error-prone syntax.
reply
Thanks, but how is a person with little knowledge about Python gonna use it?
It's a solution, but can you say that's the best solution?
reply
To edit the keys you need a basic knowledge of Python's dictionaries. Ask ChatGPT this question and then paste the code. You can also ask ChatGPT to rewrite the code so that it is easier for you to use, for example by placing the keys in an external .csv file.
reply
Very cool! Enjoy the sats
reply