1K+ downloads
Content rating: Everyone

About this app

This is an app for authenticating users via their mobile phone, by decrypting a one-time password that the server has encrypted with a public key. The app can be used with any web service that implements this method of authentication.
(See the GitHub tracker for more information on how to implement this authentication on the server side.)
The app can be used with an unlimited number of relying parties, because the same public key is used with all of them. When the app is enrolled, it generates a device-specific keypair that exists for the whole life of the app (until it is uninstalled). Updating the app does not erase the key, however.

GitHub tracker: https://github.com/sebastiannielsen/QRSA

ืชื ืื™ื ืžื•ืงื“ืžื™ื ืœื”ืคืขืœืช ื”ืืคืœื™ืงืฆื™ื”:
1. ื”ื˜ืœืคื•ืŸ ื—ื™ื™ื‘ ืœืชืžื•ืš ืื—ืกื•ืŸ ืžื‘ื•ืกืก ื—ื•ืžืจื”. ื–ื”ื• ืื—ืกื•ืŸ ื”ืžืฉืชืžืฉืช "ืฉื‘ื‘ ืื‘ื˜ื—ื”" ื‘ืชื•ืš ื”ื˜ืœืคื•ืŸ, ืžื” ืฉื”ื•ืคืš ืื•ืชื• ื‘ืœืชื™ ืืคืฉืจื™ ืœื”ืขืชื™ืง ืืช ื”ืžืคืชื— ืœื ืชืง ืืช ื”ื˜ืœืคื•ืŸ.
2. ื—ื™ื™ื‘ ืœื”ื™ื•ืช ืžืื•ืชื—ืœ ื”ื—ื ื•ืช. ืœืคืขืžื™ื ืฉืœื” ื ื™ืชืŸ ืœืืชื—ืœ ืืช ื”ื—ื ื•ืช ืขืœ ื™ื“ื™ ื”ื’ื“ืจืช ืžืกืš ื ืขื™ืœืช PIN, ื•ืœืื—ืจ ืžื›ืŸ ืคืฉื•ื˜ ื™ืฆื™ืจืช ืžืคืชื—. ื”ืกืจืช ืžืกืš ื”ื ืขื™ืœื” ื‘ื“ืจืš ื›ืœืœ ืชืฉืžื•ืจ ืืช ื”ืžืคืชื—, ืืœื ืื ื›ืŸ ืืช ืžืืคื™ื™ื ื™ ื”ืžืคืชื— ื”ื™ื” ื”ืชืงื ื” ืœื“ืจื•ืฉ ืžืกืš ื ืขื™ืœื”.
3. ื‘ืžืงืจื™ื ืžืกื•ื™ืžื™ื, ืžืกืš ืžื ืขื•ืœ ืžืื•ื‘ื˜ื— ื™ืฉ ืœื”ืฉืชืžืฉ. ื–ื” ืชืœื•ื™ ื‘ื“ื’ื ื”ื˜ืœืคื•ืŸ.
4. ื”ืฉื‘ื‘ ื”ืžืื•ื‘ื˜ื— ื‘ืชื•ืš ื˜ืœืคื•ืŸ, ื—ื™ื™ื‘ ืœืชืžื•ืš ื‘ืคืขื•ืœื•ืช ืžื‘ื•ืกืกื•ืช ืขืœ 2048 ืงืฆืช RSA / ECB / PKCS1.5
5. ื‘ืžืงืจื™ื ืžืกื•ื™ืžื™ื, ื˜ืœืคื•ืŸ ืžื•ืฉืจืฉ ืขืœื•ืœ ืœื”ืฉื‘ื™ืช ืืช ืฉื‘ื‘ ื”ืื‘ื˜ื—ื” ืœืฆืžื™ืชื•ืช ืžืกื™ื‘ื•ืช ื‘ื™ื˜ื—ื•ื ื™ื•ืช.

To enroll, launch the URL qrsa://e from a browser or similar. You can also enroll via a callback URL, using qrsa://u. To use u, first append an "s" if you want to use HTTPS, or anything else for HTTP. Then append the whole URL to be called, without the scheme, in URLSafe Base64 format. The public key will be appended to the end of the URL. If the device is not compatible, it returns INCOMPATIBLE_DEVICE, and it is your responsibility to return a meaningful error message to the user.

ื›ื“ื™ ืœืืžืช, ืฉืชืคืขื™ืœ ืืช qrsa url: // s ืื• qrsa: // C ื•ืื—ืจื™ื• ื ืชื•ื ื™ URLSafe Base64 ืžืงื•ื“ื“ื™ื ืฉืœ ื”ื˜ืงืกื˜ ื”ืžื•ืฆืคืŸ ื”ืžืคืชื— ื”ืฆื™ื‘ื•ืจื™ RSA ื‘ ื”ืจื™ืคื•ื“ ื‘ืคื•ืจืžื˜ :: OTP :: ื”ื•ื“ืขื” :: ื—ืฉื™ืฉ :: ืจื™ืคื•ื“. ื”ืคืขื•ืœื” "ืฉืœ" ืžื™ื•ืขื“ืช ืื™ืจื•ืขื™ื ื ืกืจืงื™ื ื™ื•ืฆื’ื” ื›ื˜ืงืกื˜ OTP ืขืœ ืžืกืš. ื”ืคืขื•ืœื” "ื’" ืžื™ื•ืขื“ืช ืœืื™ืจื•ืขื™ื ืงืœื™ืง. ื”ื”ื‘ื“ืœ ื”ื•ื ื›ื™ ื”ืื™ืจื•ืขื™ื ืœื—ืฅ ื™ื’ืจื•ื ืงื•ื“ OTP ืฉื‘ื™ืงืฉื” ืฉื™ืฆืจืคื• ืœืœื•ื— ืฉืœ ื”ืžืฉืชืžืฉ ื‘ืžืงื•ื, ื›ืš ืฉื”ืžืฉืชืžืฉ ื™ื›ื•ืœ ืžื™ื“ ืœื”ืžืฉื™ืš ืœื”ื“ื‘ืงืช ื”ืงื•ื“ ื‘ืชื•ืš ืฉื“ื” OTP.
ื—ืฉื™ืฉ ื”ื•ื ื ื‘ื ื” ืขืœ ื™ื“ื™ ื™ืฆื™ืจืช MD5 ืžืชื•ืš OTP + MESSAGE + OTP, ืฉื + ืžืฆื™ื™ืŸ ืฉืจืฉื•ืจ ืžื—ืจื•ื–ืช. ื—ืฉื™ืฉ ื–ื” ืžื’ืŸ ืžืคื ื™ ืฆื•ืจื•ืช ืžืกื•ื™ืžื•ืช ื’ืกื•ืช ืฉืœ ื”ืชืงืคื•ืช ื’ืžื™ืฉื•ืช ืขืœ ื”ื˜ืงืกื˜ ื”ืžื•ืฆืคืŸ. ื‘ื ื™ื™ืช ื”ื“ื—ื•ืงื” ืžื ืข ืชื•ืงืฃ ืœื ื•ืข ื”ืžืคืจื™ื“ ื‘ื™ืŸ OTP ื•ืžืกืจ.
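
The framing and hash check described above, as an added example in Python (not code from the app or its GitHub project): it builds and verifies the PADDING::OTP::MESSAGE::HASH::PADDING plaintext and shows why OTP appears on both sides of MESSAGE. The RSA and Base64 steps are left out; the hex encoding of HASH, the padding format and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

SEP = "::"

def sandwich_hash(otp, message):
    # HASH = MD5(OTP + MESSAGE + OTP); lowercase hex output is an assumption.
    return hashlib.md5((otp + message + otp).encode()).hexdigest()

def naive_hash(otp, message):
    # Weaker variant, for comparison only: MD5(OTP + MESSAGE).
    return hashlib.md5((otp + message).encode()).hexdigest()

def build_plaintext(otp, message, hash_fn=sandwich_hash):
    # Server side: the frame as it looks before RSA encryption.
    if SEP in otp or SEP in message:
        raise ValueError("fields must not contain the separator")
    # Constructed padding: random hex, which never contains ':'.
    return SEP.join([secrets.token_hex(8), otp, message,
                     hash_fn(otp, message), secrets.token_hex(8)])

def parse_plaintext(plaintext, hash_fn=sandwich_hash):
    # Client side, after RSA decryption: split the frame and verify HASH.
    fields = plaintext.split(SEP)
    if len(fields) != 5:
        raise ValueError("expected PADDING::OTP::MESSAGE::HASH::PADDING")
    _, otp, message, digest, _ = fields
    expected = hash_fn(otp, message)
    if not hmac.compare_digest(digest.encode(), expected.encode()):
        raise ValueError("HASH mismatch")
    return otp, message

def shift_separator(plaintext, n):
    # Simulated tampering: the OTP/MESSAGE boundary moves n characters to
    # the right; every other byte, including HASH, stays the same.
    pad1, otp, message, digest, pad2 = plaintext.split(SEP)
    return SEP.join([pad1, otp + message[:n], message[n:], digest, pad2])

if __name__ == "__main__":
    frame = build_plaintext("482913", "77 approve login")  # constructed sample
    print(parse_plaintext(frame))
    try:
        parse_plaintext(shift_separator(frame, 2))
    except ValueError as exc:
        print("rejected:", exc)
```

With `naive_hash` the shifted frame still verifies and yields a different OTP, which is the case the OTP + MESSAGE + OTP construction closes. The MD5 is unkeyed, so it is an integrity check against blind changes to the encrypted text, not proof of who produced the frame.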

ืจืื•ื™ ืœืฆื™ื™ืŸ, ื›ื™ ืฆื™ืœื•ืžื™ ื”ืžืกืš ืฉืœ ื”ื™ื™ืฉื•ื ืฆื•ื ื–ืจ ื‘ื›ื•ื•ื ื” ืœืžื ื•ืข ื”ืคืจื•ืช ื–ื›ื•ื™ื•ืช ืžืกื—ืจื™ื•ืช ื• / ืื• ื–ื›ื•ื™ื•ืช ื™ื•ืฆืจื™ื (UI ืฉืœ ืืคืœื™ืงืฆื™ื•ืช ืื ื“ืจื•ืื™ื“ ื•ืื—ืจื™ื ื–ื›ื•ื™ื•ืช ื™ื•ืฆืจื™ื ืžื•ื’ื ื™ื), ื›ืื™ื ื˜ืจืืงืฆื™ื” ื‘ื™ื™ืฉื•ื ืžืกื•ืคืงืช ื‘ืืžืฆืขื•ืช ืชื™ื‘ื” ื“ื•-ืฉื™ื— ืฉืžื•ืคื™ืขื” ืขืœ ื’ื‘ื™ ื”ืงื•ืจื ืืคืœื™ืงืฆื™ื” ืฉื’ืจืžื” ื”ืื™ืžื•ืช ืœืงืจื•ืช.

If you have problems with the app, you can find more example code and instructions on the public GitHub page, as this app is open source.
Also, feel free to open an issue in the public GitHub tracker.
Updated on
1 Aug 2016


What's new

1.4:
- Added MD5 hash verification, to further protect against malleability attacks.
1.3:
- Improved code so the app can more reliably kill itself.
1.2:
- Added OTP into @string/app_name to match Google Play app name.
1.1:
- Changed enroll function to exclude linebreaks in the public key.
- Added new "u" enroll function. Read the description or GitHub page for more information. The "u" enroll function is recommended when enrolling from a computer.

App support

About the developer
Sebastian Nielsen
sebastian@sebbe.eu
Sweden