$totp » History » Version 6
Paul Janson, 03/25/2021 08:21 PM
| 1 | 1 | Per Amundsen | _Added in 3.3_ |
|---|---|---|---|
| 2 | |||
| 3 | 6 | Paul Janson | *$totp(<key>, [time], [hash], [digits], [timestep], [encoding])* |
| 4 | 1 | Per Amundsen | |
| 5 | Returns a TOTP (Time-based One-time Password) based on the specified parameters. |
||
| 6 | |||
| 7 | 6 | Paul Janson | _TOTP is designed for hashes no shorter than 160 bits, so using md5 hash is not secure enough and should never be used with $totp._ |
| 8 | 3 | Per Amundsen | |
| 9 | _See also [[$hotp]], [[$hmac]]._ |
||
| 10 | |||
| 11 | 1 | Per Amundsen | *Parameters* |
| 12 | |||
| 13 | 6 | Paul Janson | key - The key to hash. (Auto-detected between text/hex/base32 as described below) |
| 14 | time - A [[$ctime]] timestamp to indicate current start time. (default is [[$ctime]]) valid range 0-2^64-1 |
||
| 15 | 1 | Per Amundsen | hash - Hash method to hash the key with. (sha1, sha256, sha384, sha512, md5, sha1 is default) |
| 16 | 6 | Paul Janson | digits - Number of digits to return. (3 - 10, default is 6) *(AdiIRC only: digits=0 returns entire internal HMAC string)* |
| 17 | timestep - Duration of the time interval. (default is 30) valid range = 1-3600 |
||
| 18 | encoding - Sets encoding method for 'key'. (t = UTF8 plain text, x = hex, a = base32) *(AdiIRC only)* |
||
| 19 | |||
| 20 | Default when 'encoding' is not used, attempts to support 'key' in several formats as follows: |
||
| 21 | |||
| 22 | if (key length excluding spaces is any of lengths 40|64|128 and $remove(key,$chr(32)) is hex ) encoding = x |
||
| 23 | if (key length excluding spaces is any of lengths 16|26|32 and $remove(key,$chr(32)) is base32) encoding = a |
||
| 24 | These assume hex keys of 160|256|512 bits, or base32 keys of 80|128|160 bits. all other cases: encoding = t |
||
| 25 | encoding 'x' or 'a' ignore all spaces padding, but 't' does not. All encoding formats reject key being $null or entirely consisting of spaces. |
||
| 26 | |||
| 27 | Note: definition of base32 is case-insensitive [a-zA-Z2-7] after removing spaces, and '=' padding is NOT allowed |
||
| 28 | |||
| 29 | Note: It's recommended that the secret 'key' contain entropy no less than the bit length of the 'hash' used. Also, hash blocklength is 64 except for sha512|sha384 having 128. Key is shortened to hash(key) if key is longer than 'blocklength'. i.e. Using key longer than 512 bits with hash=sha1 shortens key to 160 bits: |
||
| 30 | |||
| 31 | //var -s %key $regsubex(foo,$str(x,65),/x/g,$rand(a,z)) | echo -a $totp(%key,123) same as $totp($sha1(%key),123) |
||
| 32 | (Equivalence is due to the length 40 string seen as encoding=x) |
||
| 33 | |||
| 34 | If interval longer than 1 hour is needed, must uses timestep=1 with altered time value. i.e. for 9-digit daily code which uses sha256 and changes each day at 6pm. Change the 18 if the rollover hour-of-day should be different: |
||
| 35 | |||
| 36 | //var %interval $calc( ($ctime - $timezone -3600*18) // 86400) | echo -a $totp(key,%interval,sha256,9,1,t) |