OTP: HMAC-Based and Time-Based One-Time Passwords (HOTP & TOTP)

This is a package candidate release! Here you can preview how this package release will appear once published to the main package index (which can be accomplished via the 'maintain' link below). Please note that once a package has been published to the main package index it cannot be undone! Please consult the package uploading documentation for more information.

[maintain] [Publish]

Implements the HMAC-Based One-Time Password Algorithm (HOTP) as defined in RFC 4226 and the Time-Based One-Time Password Algorithm (TOTP) as defined in RFC 6238.

The TOTP and HOTP algorithms are commonly used to implement two-step verification (2FA) (e.g. by Google Authenticator ).

See module Data.OTP for API documentation.

[Skip to Readme]

Properties

Versions	0.0.0.1, 0.1.0.0, 0.1.0.0
Change log	CHANGELOG.md
Dependencies	base (>=4.5.0.0 && <4.12), bytestring (>=0.9.2.0 && <0.11), cryptohash-sha1 (>=0.11.100.1 && <0.12), cryptohash-sha256 (>=0.11.100.1 && <0.12), cryptohash-sha512 (>=0.11.100.1 && <0.12), time (>=1.4 && <1.9) [details]
License	MIT
Copyright	2012 Artem Leshchev, 2016 Aleksey Uimanov, 2018 Herbert Valerio Riedel
Author	Artem Leshchev, Aleksey Uimanov, Herbert Valerio Riedel
Maintainer	hvr@gnu.org
Category	Cryptography
Home page	https://github.com/hvr/OTP
Bug tracker	https://github.com/hvr/OTP/issues
Source repo	head: git clone https://github.com/hvr/OTP.git
Uploaded	by HerbertValerioRiedel at 2018-07-16T08:57:45Z

Modules

[Index]

Data
- Data.OTP

Flags

Manual Flags

Name	Description	Default
pure-sha	Use pure Haskell SHA implementation instead of `cryptohash-sha1/256/512`	Disabled

Use -f <flag> to enable a flag, or -f -<flag> to disable that flag. More info

Downloads

OTP-0.1.0.0.tar.gz [browse] (Cabal source package)
Package description (as included in the package)

Maintainer's Corner

Package maintainers

ArtemLeshchev, HerbertValerioRiedel

For package maintainers and hackage trustees

edit package information

Readme for OTP-0.1.0.0

[back to package description]

`OTP`: HMAC-Based and Time-Based One-Time Passwords (HOTP & TOTP)

Please refer to the package description for an overview of OTP.

Usage examples

Generating one-time passwords

If you need to generate HOTP password described in RFC4226, then use

>>> hotp SHA1 "1234" 100 6
317569

>>> hotp SHA512 "1234" 100 6
134131

>>> totp SHA1 "1234" (read "2010-10-10 00:01:00 UTC") 30 8
43388892

to generate TOTP password described in RFC6238.

Checking one-time passwords

hotpCheck :: HashAlgorithm      -- ^ Hashing algorithm
          -> Secret             -- ^ Shared secret
          -> (Word8, Word8)     -- ^ how much counters to take lower and higher than ideal
          -> Word64             -- ^ ideal (expected) counter value
          -> Word8              -- ^ Number of digits in password
          -> Word32             -- ^ Password entered by user
          -> Bool               -- ^ True if password acceptable

>>> hotpCheck SHA1 "1234" (0,0) 10 6 50897
True

>>> hotpCheck SHA1 "1234" (0,0) 9 6 50897
False

>>> hotpCheck SHA1 "1234" (0,1) 9 6 50897
True

Here almost the same aguments as for hotp function, but there is also (0, 0) tuple. This tuple describes range of counters to check in case of desynchronisation of counters between client and server. I.e. if you specify (1, 1) and ideal counter will be 10 then function will check passwords for [9, 10, 11] list of counters.

Here is the same for TOTP:

>>> totpCheck SHA1 "1234" (0, 0) (read "2010-10-10 00:00:00 UTC") 30 6 778374
True

>>> totpCheck SHA1 "1234" (0, 0) (read "2010-10-10 00:00:30 UTC") 30 6 778374
False

>>> totpCheck SHA1 "1234" (1, 0) (read "2010-10-10 00:00:30 UTC") 30 6 778374
True