Errata Search
RFC Number:		Errata ID:
Source of RFC		Status:	All/Any Verified+Reported Verified Reported Held for Document Update Rejected
Area Acronym:	All/Any app art gen int ops rai rtg sec tsv wit	Type:	All/Any Editorial Technical
WG Acronym:		Submitter Name:
Other:	All/Any IAB INDEPENDENT IRTF Legacy Editorial	Date Submitted:
Summary Table Full Records

RFC 6287, "OCRA: OATH Challenge-Response Algorithm", June 2011

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

---

Errata ID: 3899
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Marcus Bring
Date Reported: 2014-02-24

Section Appendix A. says:

// Put the bytes of "time" to the message
// Input is text value of minutes
    if(timeStampLength > 0){
        bArray = hexStr2Bytes(timeStamp);
        System.arraycopy(bArray, 0, msg, ocraSuiteLength + 1 +
            counterLength + questionLength +
            passwordLength + sessionInformationLength,
            bArray.length);
    }

It should say:

// Put the bytes of "time" to the message
// Input is HEX encoded value of minutes
    if(timeStampLength > 0){
        bArray = hexStr2Bytes(timeStamp);
        System.arraycopy(bArray, 0, msg, ocraSuiteLength + 1 +
            counterLength + questionLength +
            passwordLength + sessionInformationLength,
            bArray.length);
    }

Notes:

The timestamp should be HEX encoded since hexStr2Bytes() is used. Otherwise it will fail to generate the correct OTP

Report New Errata