HOTP: An HMAC-Based One-Time Password Algorithm
RFC 4226, “HOTP: An HMAC-Based One-Time Password Algorithm”, is an Informational document published in December 2005 by D. M'Raihi, M. Bellare, F. Hoornaert, D. Naccache, O. Ranen. The canonical text is published by the RFC Editor.
Abstract
This document describes an algorithm to generate one-time password values, based on Hashed Message Authentication Code (HMAC). A security analysis of the algorithm is presented, and important parameters related to the secure deployment of the algorithm are discussed. The proposed algorithm can be used across a wide range of network applications ranging from remote Virtual Private Network (VPN) access, Wi-Fi network logon to transaction-oriented Web applications.
This work is a joint effort by the OATH (Open AuTHentication) membership to specify an algorithm that can be freely distributed to the technical community. The authors believe that a common and shared algorithm will facilitate adoption of two-factor authentication on the Internet by enabling interoperability across commercial and open-source implementations. This memo provides information for the Internet community.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 4226 is hosted at rfc-editor.org. Available in TXT and HTML.