Skip to main content

HOTP: An HMAC-Based One-Time Password Algorithm

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: Internet Architecture Board <>,
    RFC Editor <>
Subject: Document Action: 'HOTP: An HMAC-based One Time Password 
         Algorithm' to Informational RFC 

The IESG has approved the following document:

- 'HOTP: An HMAC-based One Time Password Algorithm '
   <draft-mraihi-oath-hmac-otp-05.txt> as an Informational RFC

This document has been reviewed in the IETF but is not the product of an
IETF Working Group. 

The IESG contact person is Russ Housley.

A URL of this Internet-Draft is:

Ballot Text

Technical Summary

  This document describes an algorithm to generate one-time password 
  values, based on HMAC.  A security analysis of the algorithm is
  presented, and important parameters related to the secure deployment
  of the algorithm are discussed.  The proposed algorithm can be used
  across a wide range of network applications ranging from remote VPN
  access, Wi-Fi network logon to transaction-oriented Web applications.

  This work is a joint effort by the OATH (Open AuTHentication) 
  membership to specify an algorithm that can be freely distributed to
  the technical community. The authors believe that a common and shared
  algorithm will facilitate adoption of two-factor authentication on the
  Internet by enabling interoperability across commercial and open
  source implementations.  

Working Group Summary

  This is an individual contribution.  No IETF WG was involved in the
  development.  The algorithm was presented at the SAAG session during
  IETF 62 in an attempt to encourage comment and review.

Protocol Quality

  This document was reviewed by Russ Housley for the IESG.

RFC Editor Note

  Please see the editorial comments in the I-D Tracker.

RFC Editor Note