Project

General

Profile

$hotp » History » Version 8

Per Amundsen, 02/23/2023 01:41 PM

1 1 Per Amundsen
_Added in 3.3_
2
3 7 Paul Janson
*$hotp(<key>, <count>, [hash], [digits], [encoding])*
4 1 Per Amundsen
5
Returns an HOTP (HMAC-based One-Time Password) based on the specified parameters.
6
7 7 Paul Janson
_HOTP is designed for hashes no shorter than 160 bits, so using md5 hash is not secure enough and should never be used with $hotp._
8 4 Per Amundsen
9
_See also [[$totp]], [[$hmac]]._
10
11 1 Per Amundsen
*Parameters*
12
13 8 Per Amundsen
table(ktable).
14
|*Parameter*|*Description*|
15
| key | The key to hash. (Auto-detected between text/hex/base32 as described below) |
16
| count | a unique (sequential) number. valid range 0-2^64-1 |
17
| hash | Hash method to hash the key with. (sha1, sha256, sha384, sha512, md5, sha1 is default) |
18
| digits | Number of digits to return. (3 - 10, default is 6) *(AdiIRC only: digits=0 returns entire internal HMAC string)* |
19
| encoding | Sets encoding method for 'key'. (t = UTF8 plain text, x = hex, a = base32) *(AdiIRC only)* |
20 7 Paul Janson
21
Default when 'encoding' is not used, attempts to support 'key' in several formats as follows:
22
23
if (key length excluding spaces is any of lengths 40|64|128 and $remove(key,$chr(32)) is hex   ) encoding = x
24
if (key length excluding spaces is any of lengths 16|26|32  and $remove(key,$chr(32)) is base32) encoding = a
25
These assume hex keys of 160|256|512 bits, or base32 keys of 80|128|160 bits. all other cases: encoding = t
26
encoding 'x' or 'a' ignore all spaces padding, but 't' does not. All encoding formats reject key being $null or entirely consisting of spaces.
27
28
Note: definition of base32 is case-insensitive [a-zA-Z2-7] after removing spaces, and '=' padding is NOT allowed
29
30
Note: It's recommended that the secret 'key' contain entropy no less than the bit length of the 'hash' used. Also, hash blocklength is 64 except for sha512|sha384 having 128. Key is shortened to hash(key) if key is longer than 'blocklength'. i.e. Using key longer than 512 bits with hash=sha1 shortens key to 160 bits:
31
32
//var -s %key $regsubex(foo,$str(x,65),/x/g,$rand(a,z)) | echo -a $hotp(%key,123) same as $hotp($sha1(%key),123)
33
(Equivalence is due to the length 40 string seen as encoding=x)