For example, I want to get a HOTP that can only be used in 10 minutes.
Not TOTP cause it's possible that when users get the code there are only 10 seconds left.
Asked
Active
Viewed 200 times
1
-
And if it's possible I want to achieve this only by using algorithm but a storage. – AkiraVoid Apr 07 '22 at 01:23
-
You might be able to find OTP/HOTP generators on GitHub or other sources. What is the specific issue that you're facing? – Abhinav Mathur Apr 07 '22 at 03:25
-
@AbhinavMathur I know how to create a one-time password, but I don't know how to make sure that this password I created can only be used in next 10 minutes. I wonder that may I achieve this by pure algorithm solution without store the time in somewhere. – AkiraVoid Apr 07 '22 at 07:15
-
TOTP uses time as a param to generate different password each period, but it can be imagined that, if I generated a TOTP at the end of one period, this password can only be used in a few seconds. I hope my password can be used in 10 minutes every time it is created. – AkiraVoid Apr 07 '22 at 07:17
-
Set the period to 1 minute, and then accept as valid any TOTP that's been generated in the last 10 periods. That means a newly generated code is valid for somewhere between 9 and 10 minutes. Note, this reduces the space of the code smaller by a factor of 10, so you might want to add an extra digit to the code to compensate. – Paul Hankin Apr 07 '22 at 08:06
-
@PaulHankin That’s make sense! Thanks! All I need is to check if there is a number matches users input in last 10 periods, why I didn’t notice it. – AkiraVoid Apr 07 '22 at 08:29
1 Answers
1
Thanks @PaulHankin!
We can use the TOTP solution which can generate a one-time password every 1 minute, and when we got user’s input, we can check if there’s a TOTP generated in last 10 minutes matches it!
AkiraVoid
- 61
- 8