I am not very familiar with the python ecosystem. Is from pyotp import TOTP open source? Before looking through the code, I was thinking this script directly implemented the algorithm, but it looks like the code is more of a CLI wrapper around the above package, providing a management layer to create different TOTP seeds, etc.
pyotp library is MIT-licensed. I do not create my own keys as I am no a service provider but you can create your own secrets that are compatible with Google authenticator with pyotp.random_base32() .
reply
sorry yea I meant import, not create.
Thank you for the follow up!
reply
More on import in Python: https://docs.python.org/3/reference/import.html I almost always use it with from in order to avoid importing too much, in the case of this app to avoid importing HOTP for example
reply
Does that really matter when you just run local? I assumed the entire package would be installed from the package repository and then only certain parts are loaded into memory depending on the import syntax? I guess if you're concerned about memory usage, maybe it's valuable. But it isn't like client-side JS where the code is shipped to a client across a network.
Appreciate the discussion, btw :)
reply
I guess if you're concerned about memory usage, maybe it's valuable. But it isn't like client-side JS where the code is shipped to a client across a network.
Correct. It is about memory. Also using from allows for using less repetitive and less error-prone syntax.
reply