SFOS 4.5.0.16 and SailOtp; some problems

kari.einamo · 11 February 2023 13:26

Summary;

token import does not work (at least I failed with it)
created tokens are forgotten (there seems to be a workaround)
camera could not read the QR code

After flashing 10 III to SFOS 4.5.0.16 I installed SailOtp 1.10.2 from Jolla Store.

SailOtp was not able to import token file (from SFOS 4.3, I think), complained about decryption problems, suggested wrong password (unlikely). It gave same complaint after exporting token and trying to import it back.

It also forgot the token when closing the application, even when token was marked as starred/default. Meaning that when SailOtp was started again, created token was nowhere to be seen.

But when app was started from command line and token created then, it was remembered after app stop/start. Even when app was started from phone GUI. From some forum post I got understanding that starting from command line makes app to escape sailjail (reason for trying that).

SailOtp was not able to scan QR code, so I have to create token manually. Camera seemed unable to focus. Also camera app could not focus on QR, so that problem is probably not related to SailOtp. QR code reading works from paper, so perhaps I should have printed it and then…

I did not have above mentioned problems with SFOS 4.4.

SailOtp is anyway usable for me (generated codes work, it does not forget things), just wanted report my experiences in case somebody runs to similar problems.

poetaster · 11 February 2023 15:17

I couldn’t get SailOtp working with 4.4 either. I went to foilauth from @slava and it has better security in the end.

kari.einamo · 11 February 2023 15:44

I’m ashamed to admit that I selected SailOtp over FoilAuth because of worse security… I got annoyed to give password when needing OTP code…

With 4.5 FoilAuth from Jolla Store did not work. Said that does not want to live in jail and recommended to download it from some other place.

poetaster · 13 February 2023 12:10

Ah, ok, I just couldn’t get SailOtp to work and then downloaded FoilAuth from openrepos but just noticed that all @slava apps are on chum, too.

slava · 13 February 2023 12:50

WFIW since version 1.1.1 Foil Auth has an option (under Settings → Apps) which allows to type in the key encryption password only once when the app is started. All that is still hopelessly incompatible with sadboxing and Jolla Store, and most likely is going to remain that way, unfortunately🤷‍♂️

slava · 13 February 2023 13:05

Another app which may be of interest to heavy OTP users is YubiKey OTP. It had an option to store YubiKey authorization token right from the beginning. I decided that it’s not much of a security risk since the password is stored in a hashed form and there’s no use for it without YubiKey itself, which is physically separated from the token stored on the phone. In other words, you would have to lose both the phone and YubiKey at the same time, in order to compromize your OTP’s (and that still wouldn’t reveal your plaintext password).

But that of course requires a YubiKey with NFC interface.

Rikudou_Sennin · 13 February 2023 16:20

Bitwarden has also option for storing your OTP passwords and BitSailor supports it as well, though it’s not the main focus of Bitwarden/BitSailor.

poetaster · 13 February 2023 16:28

I’ve tested Yubikey OTP with my nfc Yubi and it works fine. But I only use the Yubikey sparingly (work thing) as I don’t want to have 2 devices between me an a login