HOTP: An HMAC-Based One-Time Password Algorithm
RFC 4226

Document Type RFC - Informational (December 2005; Errata)
Was draft-mraihi-oath-hmac-otp (individual in sec area)
Last updated 2013-03-02
Stream IETF
Formats plain text pdf html
Stream WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 4226 (Informational)
Telechat date
Responsible AD Russ Housley
Send notices to dmraihi@verisign.com, SVaeth@DIVERSINET.COM
Network Working Group                                         D. M'Raihi
Request for Comments: 4226                                      VeriSign
Category: Informational                                       M. Bellare
                                                                    UCSD
                                                            F. Hoornaert
                                                                   Vasco
                                                             D. Naccache
                                                                 Gemplus
                                                                O. Ranen
                                                                 Aladdin
                                                           December 2005

           HOTP: An HMAC-Based One-Time Password Algorithm

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document describes an algorithm to generate one-time password
   values, based on Hashed Message Authentication Code (HMAC).  A
   security analysis of the algorithm is presented, and important
   parameters related to the secure deployment of the algorithm are
   discussed.  The proposed algorithm can be used across a wide range of
   network applications ranging from remote Virtual Private Network
   (VPN) access, Wi-Fi network logon to transaction-oriented Web
   applications.

   This work is a joint effort by the OATH (Open AuTHentication)
   membership to specify an algorithm that can be freely distributed to
   the technical community.  The authors believe that a common and
   shared algorithm will facilitate adoption of two-factor
   authentication on the Internet by enabling interoperability across
   commercial and open-source implementations.

M'Raihi, et al.              Informational                      [Page 1]
RFC 4226                     HOTP Algorithm                December 2005

Table of Contents

   1. Overview ........................................................3
   2. Introduction ....................................................3
   3. Requirements Terminology ........................................4
   4. Algorithm Requirements ..........................................4
   5. HOTP Algorithm ..................................................5
      5.1. Notation and Symbols .......................................5
      5.2. Description ................................................6
      5.3. Generating an HOTP Value ...................................6
      5.4. Example of HOTP Computation for Digit = 6 ..................7
   6. Security Considerations .........................................8
   7. Security Requirements ...........................................9
      7.1. Authentication Protocol Requirements .......................9
      7.2. Validation of HOTP Values .................................10
      7.3. Throttling at the Server ..................................10
      7.4. Resynchronization of the Counter ..........................11
      7.5. Management of Shared Secrets ..............................11
   8. Composite Shared Secrets .......................................14
   9. Bi-Directional Authentication ..................................14
   10. Conclusion ....................................................15
   11. Acknowledgements ..............................................15
   12. Contributors ..................................................15
   13. References ....................................................15
      13.1. Normative References .....................................15
      13.2. Informative References ...................................16
   Appendix A - HOTP Algorithm Security: Detailed Analysis ...........17
      A.1. Definitions and Notations .................................17
      A.2. The Idealized Algorithm: HOTP-IDEAL .......................17
      A.3. Model of Security .........................................18
      A.4. Security of the Ideal Authentication Algorithm ............19
           A.4.1. From Bits to Digits ................................19
           A.4.2. Brute Force Attacks ................................21
           A.4.3. Brute force attacks are the best possible attacks ..22
      A.5. Security Analysis of HOTP .................................23
   Appendix B - SHA-1 Attacks ........................................25
      B.1. SHA-1 Status ..............................................25
      B.2. HMAC-SHA-1 Status .........................................26
      B.3. HOTP Status ...............................................26
Show full document text