RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 6287, "OCRA: OATH Challenge-Response Algorithm", June 2011

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 3899

Status: Reported
Type: Technical

Reported By: Marcus Bring
Date Reported: 2014-02-24

Section Appendix A. says:

// Put the bytes of "time" to the message
// Input is text value of minutes
    if(timeStampLength > 0){
        bArray = hexStr2Bytes(timeStamp);
        System.arraycopy(bArray, 0, msg, ocraSuiteLength + 1 +
            counterLength + questionLength +
            passwordLength + sessionInformationLength,
            bArray.length);
    }

It should say:

// Put the bytes of "time" to the message
// Input is HEX encoded value of minutes
    if(timeStampLength > 0){
        bArray = hexStr2Bytes(timeStamp);
        System.arraycopy(bArray, 0, msg, ocraSuiteLength + 1 +
            counterLength + questionLength +
            passwordLength + sessionInformationLength,
            bArray.length);
    }

Notes:

The timestamp should be HEX encoded since hexStr2Bytes() is used. Otherwise it will fail to generate the correct OTP

Report New Errata