Got different TOTPs of the same Base32 encoded secret from Google Authenticator and https://totp.app

108 Views Asked by At

I've randomly generated a base32 secret and used it with my own Java program as well as the online TOTP generator https://totp.app, and https://totp.danhersam.com/ I've got the same OTP from my local Java program and the online TOTP generators

JQ4EW3KBIIZVQOKDLBKGEODRMJLEQ5TGOBZGEMSD

I've also tried to generated the QA code with this particular URL otpauth://totp/Client Pages?secret=JQ4EW3KBIIZVQOKDLBKGEODRMJLEQ5TGOBZGEMSD on https://www.qr-code-generator.com/ and I've scanned that QR code with mobile Apps on Android, both Google Authenticator and Duo Authenticator, however, they've generated totally different OTP from my local Java program and the online TOTP generators

According to https://github.com/google/google-authenticator/wiki/Key-Uri-Format, I've tried to put in an extra query param algorithm=SHA1 in that otpauth URL, and it didn't help.

It'll be really appreciated if someone could shed light on what could be the subtle root cause?

0

There are 0 best solutions below