RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 4226, "HOTP: An HMAC-Based One-Time Password Algorithm", December 2005

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 2400
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT

Reported By: Alfred Hoenes
Date Reported: 2006-01-18
Held for Document Update by: Sean Turner
Date Held: 2010-07-30

Section 5.3 says:

   The reason for masking the most significant bit of P is to avoid
   confusion about signed vs. unsigned modulo computations.  Different
   processors perform these operations differently, and masking out the
|  signed bit removes all ambiguity.
       ^^
   Implementations MUST extract a 6-digit code at a minimum and possibly
   7 and 8-digit code.  Depending on security requirements, Digit = 7 or
   more SHOULD be considered in order to extract a longer HOTP value.

It should say:

   The reason for masking the most significant bit of P is to avoid
   confusion about signed vs. unsigned modulo computations.  Different
   processors perform these operations differently, and masking out the
|  sign bit removes all ambiguity.

   Implementations MUST extract a 6-digit code at a minimum and possibly
|  7 and 8-digit codes.  Depending on security requirements, Digit = 7
   or more SHOULD be considered in order to extract a longer HOTP value.

Notes:

Editorial fixes.

re: the text of Section 5.3, in the 2nd and 3rd paragraph on page 7.

Report New Errata



Advanced Search