started having an idea for a new project, hoping to have some info down soon so people who do know what they're doing can have a check
it's HOTP/TOTP related (think Authenticator 2fa stuff)
well braindump so far, feel free to add things
https://pad.riseup.net/p/7U8x1ZPZUdx9cqHb9V6y
which im probably way overthinking with untrusting subsystems etc but it'll be a cool (thought) experiment nevertheless, hoping to document it as well