HOTP: An HMAC-Based One-Time Password Algorithm
RFC 4226
| Field | Value |
|---|---|
| Document type | RFC - Informational (December 2005; Errata) |
| | Was draft-mraihi-oath-hmac-otp (individual in sec area) |
| Authors | David M'Raihi, Mihir Bellare, Frank Hoornaert, David Naccache, Ohad Ranen |
| Last updated | 2020-01-21 |
| Stream | Internet Engineering Task Force (IETF) |
| WG state | (None) |
| Document shepherd | No shepherd assigned |
| IESG state | RFC 4226 (Informational) |
| Action Holders | (None) |
| Consensus Boilerplate | Unknown |
| Telechat date | |
| Responsible AD | Russ Housley |
| Send notices to | dmraihi@verisign.com, SVaeth@DIVERSINET.COM |
Network Working Group                                       D. M'Raihi
Request for Comments: 4226                                    VeriSign
Category: Informational                                     M. Bellare
                                                                  UCSD
                                                          F. Hoornaert
                                                                 Vasco
                                                           D. Naccache
                                                               Gemplus
                                                              O. Ranen
                                                               Aladdin
                                                         December 2005

HOTP: An HMAC-Based One-Time Password Algorithm

Status of This Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2005).

Abstract

This document describes an algorithm to generate one-time password values, based on Hashed Message Authentication Code (HMAC). A security analysis of the algorithm is presented, and important parameters related to the secure deployment of the algorithm are discussed. The proposed algorithm can be used across a wide range of network applications ranging from remote Virtual Private Network (VPN) access, Wi-Fi network logon to transaction-oriented Web applications.

This work is a joint effort by the OATH (Open AuTHentication) membership to specify an algorithm that can be freely distributed to the technical community. The authors believe that a common and shared algorithm will facilitate adoption of two-factor authentication on the Internet by enabling interoperability across commercial and open-source implementations.

M'Raihi, et al.               Informational                     [Page 1]
RFC 4226                     HOTP Algorithm                December 2005

Table of Contents

   1. Overview ........................................................3
   2. Introduction ....................................................3
   3. Requirements Terminology ........................................4
   4. Algorithm Requirements ..........................................4
   5. HOTP Algorithm ..................................................5
      5.1. Notation and Symbols .......................................5
      5.2. Description ................................................6
      5.3. Generating an HOTP Value ...................................6
      5.4. Example of HOTP Computation for Digit = 6 ..................7
   6. Security Considerations .........................................8
   7. Security Requirements ...........................................9
      7.1. Authentication Protocol Requirements .......................9
      7.2. Validation of HOTP Values .................................10
      7.3. Throttling at the Server ..................................10
      7.4. Resynchronization of the Counter ..........................11
      7.5. Management of Shared Secrets ..............................11
   8. Composite Shared Secrets .......................................14
   9. Bi-Directional Authentication ..................................14
   10. Conclusion ....................................................15
   11. Acknowledgements ..............................................15
   12. Contributors ..................................................15
   13. References ....................................................15
      13.1. Normative References .....................................15
      13.2. Informative References ...................................16
   Appendix A - HOTP Algorithm Security: Detailed Analysis ...........17
      A.1. Definitions and Notations .................................17
      A.2. The Idealized Algorithm: HOTP-IDEAL .......................17
      A.3. Model of Security .........................................18
      A.4. Security of the Ideal Authentication Algorithm ............19
         A.4.1. From Bits to Digits ................................19
         A.4.2. Brute Force Attacks ................................21
         A.4.3. Brute force attacks are the best possible attacks ..22
      A.5. Security Analysis of HOTP .................................23
   Appendix B - SHA-1 Attacks ........................................25
      B.1. SHA-1 Status ..............................................25
      B.2. HMAC-SHA-1 Status .........................................26
      B.3. HOTP Status ...............................................26
   Appendix C - HOTP Algorithm: Reference Implementation .............27
   Appendix D - HOTP Algorithm: Test Values ..........................32