Just thought I would share this with you guys. Not sure if it works: https://github.com/revalo/duo-bypass/blob/master/duo_bypass.py , but if it does, it would be straightforward to add support.

On Sat, Jun 25, 2016 at 1:06 PM, Nathaniel McCallum <npmccallum@redhat.com> wrote:
http://security.stackexchange.com/questions/47901/how-does-authys-2fa-work-if-it-doesnt-connect-to-the-server
This response, from a person who claims to be a former Duo employee,
claims that they use asymmetric crypto. This is not surprising.

On Fri, 2016-06-24 at 18:15 +0000, Carey Matthew Black wrote:
> Since we are speculating....
>
> What if that value in the url is only a temp key (one time password)
> to establish their apps connection to the mothership. Then under a
> separate (call home) conversation the real keys are exchanged.  Just
> a thought.
>
>
> On Fri, Jun 24, 2016 at 11:40 AM, Andrew C. Dingman
> <andrew+fedora@dingman.org> wrote:
> I've got no Duo contacts. I do have some up the chain at my
> university, so I'm trying to get them to enable standard tokens
> rather than just the Duo app, Duo hard token, and SMS.
>
> If Duo uses HOTP internally I'd be surprised at this point. The QR
> codes only have 20 characters that vary between tokens issued to the
> same user, which suggests that portion is the equivalent of the
> "shared secret" in the HOTP specification. Given its length and the
> observation that the character set appears limited to [A-Za-z0-9],
> they've got at best 119 bits[1]. HOTP requires at least 128 [2]. So
> either they are re-using keys between tokens, which would be bad, or
> they aren't using standards-compliant HOTP. Since TOTP is basically HOTP
> with the counter incremented on a clock tick rather than an event
> count, it also can't be compliant TOTP.
>
> [1] 62 possible symbols in a 20 character string. => log(62^20) /
> log(2) = 119.083926208...
> [2] https://tools.ietf.org/html/rfc4226#section-4 requirement 6
>
> _______________________________________________
> freeotp-devel mailing list
> freeotp-devel@lists.fedorahosted.org
> https://lists.fedorahosted.org/admin/lists/freeotp-devel@lists.fedora
> hosted.org

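The arithmetic and the HOTP/TOTP relationship discussed in the quoted messages, as an added example that is not part of the original thread and is not FreeOTP or Duo code. The function names are this example's own, and the key and time values are the published RFC 4226 and RFC 6238 test inputs, not anything taken from a Duo QR code.

```python
import hashlib
import hmac
import math
import struct

RFC4226_MIN_BITS = 128  # RFC 4226 section 4, R6: minimum shared-secret length
RFC4226_REC_BITS = 160  # R6: recommended shared-secret length


def entropy_bits(length: int, alphabet_size: int = 62) -> float:
    """Upper bound on the entropy of a uniformly random string, in bits."""
    return length * math.log2(alphabet_size)


def min_length(bits: int, alphabet_size: int = 62) -> int:
    """Fewest characters from the alphabet needed to reach `bits` of entropy."""
    return math.ceil(bits / math.log2(alphabet_size))


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226 section 5.3: HMAC-SHA-1, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter taken from the clock."""
    return hotp(key, unix_time // step, digits)


if __name__ == "__main__":
    bits = entropy_bits(20)  # 20 characters drawn from [A-Za-z0-9]
    print(f"20 alphanumeric characters: at most {bits:.3f} bits")
    print(f"reaches {RFC4226_MIN_BITS} bits: {bits >= RFC4226_MIN_BITS}")
    print(f"characters needed for {RFC4226_MIN_BITS} bits:",
          min_length(RFC4226_MIN_BITS))
    print(f"characters needed for {RFC4226_REC_BITS} bits:",
          min_length(RFC4226_REC_BITS))

    key = b"12345678901234567890"  # RFC 4226 Appendix D test key
    print("HOTP, counter 0..2:", [hotp(key, c) for c in range(3)])
    print("TOTP at t=59s:", totp(key, 59), "== HOTP counter 1:", hotp(key, 1))
```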