one-time-password: HMAC-Based and Time-Based One-Time Passwords

[ cryptography, library, mit, program ] [ Propose Tags ] [ Report a vulnerability ]

Implements HMAC-Based One-Time Password Algorithm as defined in RFC 4226 and Time-Based One-Time Password Algorithm as defined in RFC 6238.

[Skip to Readme]

Modules

[Index]

Data
- Data.OTP

Downloads

one-time-password-1.0.0.0.tar.gz [browse] (Cabal source package)
Package description (as included in the package)

Maintainer's Corner

Package maintainers

hecate

For package maintainers and hackage trustees

edit package information

Candidates

No Candidates

Versions [RSS]	1.0.0.0, 1.0.0.1, 2.0.0, 3.0.0.0
Change log	CHANGELOG.md
Dependencies	base (>=3 && <5), byteable, bytestring, cereal, cryptohash, time (>=1.1) [details]
License	MIT
Copyright	(c) 2012 Artem Leshchev, 2015 Aleksey Uimanov
Author	Artem Leshchev, Aleksey Uimanov
Maintainer	s9gf4ult@gmail.com <Aleksey Uimanov>
Category	Cryptography
Home page	https://github.com/s9gf4ult/one-time-password
Bug tracker	https://github.com/s9gf4ult/one-time-password/issues
Source repo	head: git clone git://github.com/s9gf4ult/one-time-password.git
Uploaded	by AlekseyUymanov at 2015-04-28T11:14:28Z
Distributions
Reverse Dependencies	2 direct, 0 indirect [details]
Downloads	3231 total (3 in the last 30 days)
Rating	(no votes yet) [estimated by Bayesian average]
Your Rating	λ λ λ
Status	Docs available [build log] Last success reported on 2015-04-28 [all 1 reports]

Readme for one-time-password-1.0.0.0

[back to package description]

What

One time password implementation according to RFC4226 and RFC6238 in Haskell.

Generation passwords

If you need to generate HOTP password described in RFC4226, then use

>>> hotp SHA1 "1234" 100 6
317569

>>> hotp SHA512 "1234" 100 6
134131

>>> totp SHA1 "1234" (read "2010-10-10 00:01:00 UTC") 30 8
43388892

to generate TOTP password described in RFC6238.

Checking passwords

hotpCheck :: (HashAlgorithm a)
          => a                  -- ^ Hashing algorithm
          -> ByteString         -- ^ Shared secret
          -> (Word64, Word64)   -- ^ how much counters to take lower and higher than ideal
          -> Word64             -- ^ ideal (expected) counter value
          -> Word               -- ^ Number of digits in password
          -> Word32             -- ^ Password entered by user
          -> Bool               -- ^ True if password acceptable

>>> hotpCheck SHA1 "1234" (0,0) 10 6 50897
True

>>> hotpCheck SHA1 "1234" (0,0) 9 6 50897
False

>>> hotpCheck SHA1 "1234" (0,1) 9 6 50897
True

Here almost the same aguments as for hotp function, but there is also (0, 0) tuple. This tuple describes range of counters to check in case of desynchronisation of counters between client and server. I.e. if you specify (1, 1) and ideal counter will be 10 then function will check passwords for [9, 10, 11] list of counters.

There is also some protection, so if you specify (minBound, maxBound) then function will check just 1000 counters around ideal.

Here is the same for TOTP:

>>> totpCheck SHA1 "1234" (0, 0) (read "2010-10-10 00:00:00 UTC") 30 6 778374
True

>>> totpCheck SHA1 "1234" (0, 0) (read "2010-10-10 00:00:30 UTC") 30 6 778374
False

>>> totpCheck SHA1 "1234" (1, 0) (read "2010-10-10 00:00:30 UTC") 30 6 778374
True