Commodore 64 can now be a two-factor authenticator

Commodore 64 is 40 years old, but there is still an active community of developers of new games and software for the once popular 6-bit computer. With the help of the new TOTP-C64 program, C64 can act as a two-factor authentication application for your online accounts.

Cameron Kaiser, perhaps best known as the developer of the Classilla and TenFourFox web browser software, has released a new program for the Commodore 64 that turns it into a two-factor authentication app. TOTP-C64 can generate real-time codes that should be compatible with any service that supports app-based two-factor authentication, such as Google, Facebook, Discord, Mastodon, and more.

Kaiser wrote on his blog about the project: “Some of you are already asking if this idea is completely crazy or just a big part of it. But beware: the C64 has a very small attack surface and can be made completely covered. Keys can be entered manually or stored as binary files that require knowledge of the file, offset, and length to use correctly (unless you make the entire file a key). Hell, you even have to know what disc (or cassette?) it’s on. Besides, anything funny is always a satisfying excuse!”

2FA on Commodore SX-64
Authenticator on Commodore SX-64 Old Vintage Computing Research

The blog post details the work needed, which included creating a SHA-1 hash function that could run on the limited 6502 processor and finding a way to keep track of the current time without a built-in hardware clock. The result is an impressive feat of software engineering, and it can generate 2FA codes as well as an authentication app on a phone or modern computer, as long as the key is no longer than 64 bytes.

You can check out the code on GitHub at the link below, and there’s also a precompiled version that can be run directly on a Commodore 64 or emulator.

Source: Old Vintage Computing Research , GitHub.

Leave a Reply

Your email address will not be published.