Skip to content
This repository has been archived by the owner on May 4, 2021. It is now read-only.

DVORAK mangles key IDs #16

Open
devicenull opened this issue Feb 8, 2016 · 1 comment
Open

DVORAK mangles key IDs #16

devicenull opened this issue Feb 8, 2016 · 1 comment

Comments

@devicenull
Copy link

In parsePasswordOTP, if the user is using the DVORAK keyboard layout, you take care of fixing the OTP, but leave the rest of the values mangled.

This means that if they switch back to a QWERTY based keyboard layout, their key ID will no longer match.

I would suggest something like this instead:

    function parsePasswordOTP($str, $delim = '[:]')
    {
        /* Dvorak? */
        if (preg_match("/^((.*)" . $delim . ")?" .
            "(([jxe.uidchtnbpygkJXE.UIDCHTNBPYGK]{0,16})" .
            "([jxe.uidchtnbpygkJXE.UIDCHTNBPYGK]{32}))$/",
            $str, $matches))
        {
            // Un-mangle the OTP (convert from DVORAK -> QWERTY)
            $str = strtr($str, "jxe.uidchtnbpygk", "cbdefghijklnrtuv");
        }
        if (!preg_match("/^((.*)" . $delim . ")?" .
            "(([cbdefghijklnrtuvCBDEFGHIJKLNRTUV]{0,16})" .
            "([cbdefghijklnrtuvCBDEFGHIJKLNRTUV]{32}))$/",
            $str, $matches))
        {
            return false;
        }
        $ret['otp'] = $matches[3];
        $ret['password'] = $matches[2];
        $ret['prefix'] = $matches[4];
        $ret['ciphertext'] = $matches[5];
        return $ret;
    }
@GuillaumeRossolini
Copy link

Is this issue also relevant for other keyboard layouts? ie. AZERTY for French keyboard layout (which I often switch with a Spanish layout for convenience), etc.
Thanks

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@devicenull @GuillaumeRossolini