reply on: How and why I wrote my own TOTP 2FA client. [metadata][privacy] \ stacker news ~privacy

pull down to refresh

20 sats \ 5 replies \ @WeAreAllSatoshi 8 Apr \ on: How and why I wrote my own TOTP 2FA client. [metadata][privacy] privacy

I am not very familiar with the python ecosystem. Is from pyotp import TOTP open source? Before looking through the code, I was thinking this script directly implemented the algorithm, but it looks like the code is more of a CLI wrapper around the above package, providing a management layer to create different TOTP seeds, etc.

100 sats \ 4 replies \ @denationalized OP 8 Apr

pyotp library is MIT-licensed. I do not create my own keys as I am no a service provider but you can create your own secrets that are compatible with Google authenticator with pyotp.random_base32() .

0 sats \ 3 replies \ @WeAreAllSatoshi 8 Apr

sorry yea I meant import, not create.

Thank you for the follow up!

0 sats \ 2 replies \ @denationalized OP 8 Apr

More on import in Python: https://docs.python.org/3/reference/import.html I almost always use it with from in order to avoid importing too much, in the case of this app to avoid importing HOTP for example

20 sats \ 1 reply \ @WeAreAllSatoshi 8 Apr

Does that really matter when you just run local? I assumed the entire package would be installed from the package repository and then only certain parts are loaded into memory depending on the import syntax? I guess if you're concerned about memory usage, maybe it's valuable. But it isn't like client-side JS where the code is shipped to a client across a network.

Appreciate the discussion, btw :)

0 sats \ 0 replies \ @denationalized OP 9 Apr

I guess if you're concerned about memory usage, maybe it's valuable. But it isn't like client-side JS where the code is shipped to a client across a network.

Correct. It is about memory. Also using from allows for using less repetitive and less error-prone syntax.