HOTP: An HMAC-Based One-Time Password Algorithm
RFC 4226
| Document | Type |
RFC - Informational
(December 2005; Errata)
Was draft-mraihi-oath-hmac-otp (individual in sec area)
|
|
|---|---|---|---|
| Authors | Mountain View , David M'Raihi , Frank Hoornaert , David Naccache , Mihir Bellare , Ohad Ranen | ||
| Last updated | 2020-01-21 | ||
| Stream | Internent Engineering Task Force (IETF) | ||
| Formats | plain text html pdf htmlized (tools) htmlized with errata bibtex | ||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 4226 (Informational) | |
| Action Holders |
(None)
|
||
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Russ Housley | ||
| Send notices to | dmraihi@verisign.com, SVaeth@DIVERSINET.COM | ||
Network Working Group D. M'Raihi
Request for Comments: 4226 VeriSign
Category: Informational M. Bellare
UCSD
F. Hoornaert
Vasco
D. Naccache
Gemplus
O. Ranen
Aladdin
December 2005
HOTP: An HMAC-Based One-Time Password Algorithm
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
This document describes an algorithm to generate one-time password
values, based on Hashed Message Authentication Code (HMAC). A
security analysis of the algorithm is presented, and important
parameters related to the secure deployment of the algorithm are
discussed. The proposed algorithm can be used across a wide range of
network applications ranging from remote Virtual Private Network
(VPN) access, Wi-Fi network logon to transaction-oriented Web
applications.
This work is a joint effort by the OATH (Open AuTHentication)
membership to specify an algorithm that can be freely distributed to
the technical community. The authors believe that a common and
shared algorithm will facilitate adoption of two-factor
authentication on the Internet by enabling interoperability across
commercial and open-source implementations.
M'Raihi, et al. Informational [Page 1]
RFC 4226 HOTP Algorithm December 2005
Table of Contents
1. Overview ........................................................3
2. Introduction ....................................................3
3. Requirements Terminology ........................................4
4. Algorithm Requirements ..........................................4
5. HOTP Algorithm ..................................................5
5.1. Notation and Symbols .......................................5
5.2. Description ................................................6
5.3. Generating an HOTP Value ...................................6
5.4. Example of HOTP Computation for Digit = 6 ..................7
6. Security Considerations .........................................8
7. Security Requirements ...........................................9
7.1. Authentication Protocol Requirements .......................9
7.2. Validation of HOTP Values .................................10
7.3. Throttling at the Server ..................................10
7.4. Resynchronization of the Counter ..........................11
7.5. Management of Shared Secrets ..............................11
8. Composite Shared Secrets .......................................14
9. Bi-Directional Authentication ..................................14
10. Conclusion ....................................................15
11. Acknowledgements ..............................................15
12. Contributors ..................................................15
13. References ....................................................15
13.1. Normative References .....................................15
13.2. Informative References ...................................16
Appendix A - HOTP Algorithm Security: Detailed Analysis ...........17
A.1. Definitions and Notations .................................17
A.2. The Idealized Algorithm: HOTP-IDEAL .......................17
A.3. Model of Security .........................................18
A.4. Security of the Ideal Authentication Algorithm ............19
A.4.1. From Bits to Digits ................................19
A.4.2. Brute Force Attacks ................................21
A.4.3. Brute force attacks are the best possible attacks ..22
A.5. Security Analysis of HOTP .................................23
Appendix B - SHA-1 Attacks ........................................25
B.1. SHA-1 Status ..............................................25
B.2. HMAC-SHA-1 Status .........................................26
B.3. HOTP Status ...............................................26
Appendix C - HOTP Algorithm: Reference Implementation .............27
Appendix D - HOTP Algorithm: Test Values ..........................32
Show full document text