|
HOTP is an HMAC-based one-time password (OTP) algorithm. It is a cornerstone of Initiative For Open Authentication (OATH). HOTP was published as an informational IETF RFC 4226 in December 2005, documenting the algorithm along with a Java implementation. Since then, the algorithm has been adopted by many companies worldwide (see below). The HOTP algorithm is a freely available open standard. ==Definition== Let: *''K'' be a secret key *''C'' be a counter *''HMAC''(''K'',''C'') = SHA1(''K'' ⊕ 0x5c5c… ∥ SHA1(''K'' ⊕ 0x3636… ∥ ''C'')) be an HMAC calculated with the SHA-1 cryptographic hash algorithm *''Truncate'' be a function that selects 4 bytes from the result of the HMAC in a defined manner Then HOTP(''K'',''C'') is mathematically defined by :HOTP(''K'',''C'') = ''Truncate''(''HMAC''(''K'',''C'')) & 0x7FFFFFFF The mask 0x7FFFFFFF sets the result's most significant bit to zero. This avoids problems if the result is interpreted as a signed number as some processors do.〔https://tools.ietf.org/html/rfc4226#section-5.3〕 For HOTP to be useful for an individual to input to a system, the result must be converted into a HOTP value, a 6–8 digits number that is implementation dependent. :HOTP-Value = HOTP(''K'',''C'') mod 10''d'', where ''d'' is the desired number of digits — 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「HMAC-based One-time Password Algorithm」の詳細全文を読む スポンサード リンク
|