RFC 4226

HOTP: An HMAC-Based One-Time Password Algorithm, December 2005

Canonical URL:
https://www.rfc-editor.org/rfc/rfc4226.txt
File formats:
Plain TextPDF
Status:
INFORMATIONAL
Authors:
D. M'Raihi
M. Bellare
F. Hoornaert
D. Naccache
O. Ranen
Stream:
IETF
Source:
NON WORKING GROUP

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC4226

Discuss this RFC: Send questions or comments to iesg@ietf.org

Other actions: View Errata  |  Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

This document describes an algorithm to generate one-time password values, based on Hashed Message Authentication Code (HMAC). A security analysis of the algorithm is presented, and important parameters related to the secure deployment of the algorithm are discussed. The proposed algorithm can be used across a wide range of network applications ranging from remote Virtual Private Network (VPN) access, Wi-Fi network logon to transaction-oriented Web applications. This work is a joint effort by the OATH (Open AuTHentication) membership to specify an algorithm that can be freely distributed to the technical community. The authors believe that a common and shared algorithm will facilitate adoption of two-factor authentication on the Internet by enabling interoperability across commercial and open-source implementations. This memo provides information for the Internet community.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader



Search RFCs
Advanced Search
×