HMAC-based one-time password algorithm

from Wikipedia, the free encyclopedia

The HMAC-based One-Time Password algorithm (HOTP) is a method for generating one-time passwords based on the hash-based message authentication code (HMAC), which is used as part of authentication, especially on the Internet. The procedure was developed by the Initiative For Open Authentication (OATH) and published as RFC 4226 within the framework of the Internet Engineering Task Force (IETF) in December 2005.

Procedure

The method is essentially based on the keyed cryptographic hash function HMAC, which computes a cryptographic hash value from the secret key K agreed between sender and recipient and a counter C synchronized between sender and recipient. The counter is incremented on both sides with each authentication, at the sender as well as at the recipient, so that each call yields a different one-time password that depends on the secret key.

Various cryptographic hash functions such as SHA-1 or the secure methods from the SHA-2 family, such as SHA-512, can be used for the calculation. The hash value calculated in this way is truncated to a length of 31 bits, and the actual one-time password is then formed from it modulo 10^d, with d = 6 or d = 8 for six or eight digits.
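The computation described above (HMAC over the counter, 31-bit dynamic truncation, modulo 10^d) together with a server-side check that tolerates a few skipped counter values, as an added example that is not part of the original article. It uses the RFC 4226 test secret "12345678901234567890" as the shared key K; the look-ahead window size is an assumption of this example.

```python
import hashlib
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226 HOTP value for shared key `key` and counter `counter`.

    The counter C is encoded as an 8-byte big-endian integer and fed to HMAC.
    Dynamic truncation takes 4 bytes at an offset chosen by the low nibble of
    the last MAC byte, masks the result to 31 bits, and reduces modulo 10^d.
    """
    mac = hmac.new(key, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def verify_hotp(key: bytes, submitted: str, server_counter: int,
                window: int = 5, digits: int = 6):
    """Recipient-side check (assumed window size, not from RFC 4226).

    The sender may have generated a few values that never reached the server,
    so the server tries counters from its own value up to `window` ahead.
    On success it returns the next counter to store (one past the match), so the
    same value cannot be accepted twice; on failure it returns None.
    The comparison is constant-time to avoid leaking digits via timing.
    """
    for c in range(server_counter, server_counter + window + 1):
        if hmac.compare_digest(hotp(key, c, digits), submitted):
            return c + 1
    return None

if __name__ == "__main__":
    # RFC 4226 Appendix D test secret (ASCII "12345678901234567890").
    secret = b"12345678901234567890"
    for c in range(3):
        print(c, hotp(secret, c))  # 755224, 287082, 359152
```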

The process is an open standard and free of patents. A similar and more recent method, which works with the time instead of a counter, is the time-based one-time password algorithm (TOTP).

Applications

The procedure belongs to the event-based password methods and is used, for example, for authentication when a user (sender) logs on to a server (recipient).

References

  1. RFC 4226 HOTP: HMAC-based One-time Password Algorithm