Explore >> Select a destination
|
You are here 
|
rcoh.me | ||
| | | | |
zserge.com
|
|
| | | | | Many of us use one-time passwords (OTP) regularly to log into different services. Most probably rely on Google Authenticator and similar tools. But what about building one by ourselves? | |
| | | | |
prezu.ca
|
|
| | | | | Authenticator apps like Google Authenticator use 2 authenticaion protocol centered around What you have paradigm. Those algorithms are: HOTP (HMAC-based One Time Password), and TOTP (Time-based One Time Password). They obviously are different, but both are centered around the same basic idea: using a rolling hash value, that is predictable only to the server and the authenticator app. Additionally, both are using HMAC-SHA-1 for generating those hash values. In my previous post I explained the gist of the approach used in both algorithms. Here we'll focus on the details of implementation of HMAC. We'll tackle TOTP in part 3. | |
| | | | |
prezu.ca
|
|
| | | | | Part 3 is the last part in this short cycle. Here I'll explain all the details around Time-based One-Time Password algorithm. I'll finish up by also elaborating on things common to both, HMAC-Based One-Time Password algorithm: QR Codes used to easily transfer secrets from the server to the Authenticator app Base32 algorithm - used to store non-printable secret in a URI (effectively stored by the QR Codes mentioned above). TOTP One way to avoid the problems with lack of feedback between server and the app... | |
| | | | |
ericlathrop.com
|
|
| | | I believe privacy is a fundamental human right, and I set up technology to help enforce my privacy on the internet. I use Firefox as my web browser because it's open source and not run by an advertising company. A web browser is a user agent, meaning it works for the user. Here are the settings I configure to help me be private on the web. | ||
