Make generate more constant time

mdp · mdp · commit 8456d5e91f9a · 2022-12-13T21:48:11.000Z
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 ### Changelog
 
+### 6.2.2
+
+- Removed `rjust` from `generate_otp` in favor of more time constant version
+
 ### 6.2.1
 
 - Removed old rdoc folder that was triggering a security warning due to an
diff --git a/lib/rotp/otp.rb b/lib/rotp/otp.rb
@@ -32,7 +32,8 @@ def generate_otp(input)
              (hmac[offset + 1].ord & 0xff) << 16 |
              (hmac[offset + 2].ord & 0xff) << 8 |
              (hmac[offset + 3].ord & 0xff)
-      (code % 10**digits).to_s.rjust(digits, '0')
+      code_str = (10 ** digits + (code % 10 ** digits)).to_s
+      code_str[-digits..-1]
     end
 
     private
diff --git a/lib/rotp/version.rb b/lib/rotp/version.rb
@@ -1,3 +1,3 @@
 module ROTP
-  VERSION = '6.2.1'.freeze
+  VERSION = '6.2.2'.freeze
 end
