RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 6238, "TOTP: Time-Based One-Time Password Algorithm", May 2011

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
See Also: RFC 6238w/ inline errata

Errata ID: 2866
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Michal Altair Valasek
Date Reported: 2011-07-20
Verifier Name: Sean Turner
Date Verified: 2011-11-12

Appendix B says

The test token shared secret uses the ASCII string value
"12345678901234567890".

It should say:

The test token shared secrets use the following ASCII string values:
- HMAC-SHA1: "12345678901234567890" (20 bytes)
- HMAC-SHA256: "12345678901234567890123456789012" (32 bytes)
- HMAC-SHA512:
  "1234567890123456789012345678901234567890123456789012345678901234" (64 bytes)

Notes:

The secret values are different for different hash types. The example Java code respects this, but the test vector documentation does not.

Report New Errata