Time-based One-Time Passwords

gistfile1.txt

= HMAC (H-based Message Authentication Codes):
  RFC 2104
  H is the hashing function.
  HMAC-SHA1 sets H=SHA1.

  H(K xor O, H(K xor I, E))
  where
    K = shared secret key
    O = padding, 0x5C repeated B times
    I = padding, 0x36 repeated B times
    E = the text to hash
    H = SHA1, MD5, SHA256, etc.

= HOTP (HMAC-based One-Time Password):
  RFC 4226

  HOTP(K,C) = Truncate(HMAC-SHA1(K,C))
  where
    Truncate = turn the binary into 6 digits
    K = shared secret key (> 128 bits)
    C = shared counter
    HMAC-SHA1 = RFC2104, key hashing to binary using SHA1

- your bank likely uses HOTP.
- C can get out of sync.
- many resync protocols; best one: client sends three HOTP tokens and
  the server generates HOTP tokens until it finds a match.

= TOTP (Time-based One-Time Password):
  RFC 6238

  TOTP(K) = HOTP(K, T)
  where
    X = 60 (seconds)
    T = ⌊(current unix time) / X⌋
    K = shared secret key

- instead of using any incrementing number, use the time.
- by dividing by X, you can use the same TOTP for X seconds.
- the QR code simply encodes the secret key.
- requires clocks to be in sync.
- some systems accept the prior T for X seconds.
- the RFC recommends X=30.
- Ruby: rotp gem.
- Use Google charts for the QR code.
- Bi-directional auth: user sends OTP1, server sends OTP2, user confirms
  OTP2. Requires better client-side software for checking OTP2.