Questions tagged [rfc-4226]

RFC-4226 defines an algorithm to generate one-time passwords using an HMAC.

Useful links

  • RFC-4226, "HOTP: An HMAC-Based One-Time Password Algorithm"

5 questions

3 votes, 1 answer

What else do I need to know about implementing a one-time-password system?

I've been tasked with creating a One Time Password (OTP) system which will eventually be used to create OTP generators on mobile devices. We're looking at using HOTP (rfc 4226) using a counter, but maybe with some variations. We are not required to…
InverseFalcon

2 votes, 1 answer

Is this RFC 4226 wrong?

The test values of the RFC specify: Appendix D - HOTP Algorithm: Test Values The following test data uses the ASCII string "12345678901234567890" for the secret: Secret = 0x3132333435363738393031323334353637383930 Table 1 details for…
daniel

2 votes, 1 answer

Delphi HMAC-SHA1 unexpected results

I am writing in an old version of Delphi (Delphi 5) for reasons I could not possibly explain in this thread. I am trying to implement an HOTP and currently all of my code is working short of the HMACSHA1 portion and I do not understand why. I…
Kyle Jurick

0 votes, 2 answers

Lockout policy and one-time passwords

I have a one time password system implemented for my website using RFC 4226. This password is sent via SMS to a mobile device. The user can only receive the password on their mobile device, and the password expires after 15 minutes. Users also…
Josh

0 votes, 1 answer

HMAC SHA-1 Truncate HOTP Logic

I am trying to count manual HMAC SHA-1 truncation for HOTP but it doesn't give back the same result as I count it with source code. For example I have code to generate HMAC SHA-1 as: $hash = hash_hmac('sha1','375317186160478973','test'); It will…