The Commodore 64 might be 40 years old, but there's still an active community for developing new games and software for the once-popular 6-bit computer. With the help of a new program, TOTP-C64, the C64 can act as a two-factor authentication app for your online accounts.
Cameron Kaiser, perhaps best known as the software developer for the Classilla and TenFourFox web browsers, has released a new program for the Commodore 64 that turns it into a two-factor authenticator app. TOTP-C64 can generate real-time codes that should be compatible with any service that supports app-based 2FA, like Google, Facebook, Discord, Mastodon, and others.
Kaiser wrote in a blog post about the project, "Some of you are asking already if this idea is totally nuts or just mostly. But consider: the C64 has a very small attack surface and it can be made completely airgapped. Keys can be entered manually, or stored as binary files which you have to know the file, offset and length to correctly use (unless you make the entire file the key). Heck, you have to even know what disk (or cassette tape?) it's on. Plus, anything fun is always a satisfactory justification!"
The blog post goes into detail about the work required, which involved creating an SHA-1 hash function that could run on the limited 6502 processor, and finding a way to track the current time without a built-in hardware clock. The result is an impressive feat of software engineering, and can generate 2FA codes as well as an authenticator app on a phone or modern computer, unless the key is longer than 64 bytes.
You can check out the code on GitHub at the source link below, and there's also a pre-compiled version that can be run directly on a Commodore 64 or emulator.
Source: Old Vintage Computing Research, GitHub