
Using the Google Authenticator App with Rails - Moocode Blog - kenfodder
https://moocode.com/posts/3-using-the-google-authenticator-app-with-rails
======
patio11
Careful with that validates? function. Your OTP only changes every 30 seconds
by default. At six digits, you're at non-trivial risk of just getting hit by
exhaustive search in that interval. Additionally, since the == method on
strings short circuits in Ruby, if they wanted to get really tricky they could
possibly even get local network access and do a timing attack on you. (At 30
seconds a go and only 10^6 possibilities it would probably be easier to
exhaustively search, though.)
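
Added example, not part of the original thread or the linked post: a Ruby sketch of the two mitigations the comment above points to, a comparison that does not short-circuit and a cap on failed guesses. The names `OtpVerifier`, `secure_equal?`, `MAX_FAILURES` and `LOCKOUT_SECONDS` are hypothetical, the policy values are assumptions, and the in-memory counters stand in for per-user state that a Rails app would persist.

```ruby
require "openssl"

# RFC 6238 TOTP (HMAC-SHA1). `secret` is the raw key bytes, i.e. after
# Base32-decoding the string shown to the user.
def totp(secret, time, step: 30, digits: 6)
  counter = [time.to_i / step].pack("Q>")            # 8-byte big-endian counter
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA1"), secret, counter)
  offset = mac.bytes.last & 0x0f                      # dynamic truncation
  code = mac.byteslice(offset, 4).unpack1("N") & 0x7fffffff
  format("%0#{digits}d", code % 10**digits)
end

# Compare without returning early at the first differing byte, unlike String#==.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical per-user verifier; counters are in memory for illustration only.
class OtpVerifier
  MAX_FAILURES = 5       # assumed policy: failed guesses allowed before lockout
  LOCKOUT_SECONDS = 300  # assumed policy: lockout duration

  def initialize(secret)
    @secret = secret
    @failures = 0
    @locked_until = 0
  end

  # Returns :ok, :rejected or :locked. While locked, even a correct code is refused.
  def verify(submitted, now = Time.now.to_i)
    return :locked if now < @locked_until
    if secure_equal?(totp(@secret, now), submitted.to_s)
      @failures = 0
      return :ok
    end
    @failures += 1
    if @failures >= MAX_FAILURES
      @locked_until = now + LOCKOUT_SECONDS
      @failures = 0
    end
    :rejected
  end
end
```

With these assumed values an attacker gets at most 5 guesses per 300 seconds against a space of 10^6 codes, instead of an unbounded number per 30-second window.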

------
aristidb
Using Google Charts to display the QR code? OK, the code uses HTTPS there, but
still... I think it should generate the QR code locally.

~~~
seiji
The command line version outputs an ASCII/ANSI QR code directly in the
terminal:
[http://code.google.com/p/google-authenticator/source/browse/...](http://code.google.com/p/google-authenticator/source/browse/libpam/google-authenticator.c#144)

