RFC Errata



RFC 6238, "TOTP: Time-Based One-Time Password Algorithm", May 2011

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 5132

Status: Reported
Type: Technical

Reported By: Gerrit Jansen van Vuuren
Date Reported: 2017-09-28

Section Appendix B says:

The test token shared secret uses the ASCII string value
   "12345678901234567890"

It should say:

The test token used for each SHA mode is:

   // Seed for HMAC-SHA1 - 20 bytes
   String seed = "3132333435363738393031323334353637383930";
   // Seed for HMAC-SHA256 - 32 bytes
   String seed32 = "3132333435363738393031323334353637383930" +
   "313233343536373839303132";
   // Seed for HMAC-SHA512 - 64 bytes
   String seed64 = "3132333435363738393031323334353637383930" +
   "3132333435363738393031323334353637383930" +
   "3132333435363738393031323334353637383930" +
   "31323334";

Notes:

The text suggests that the secret "12345678901234567890" is used, when in fact this value cannot be found in the reference implementation test generation code and leads to different values (as is expected). The actual secret used is called seed, seed32 and seed64 in the reference implementation test generation code.
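
The discrepancy this erratum reports can be reproduced with a short script. The following is an added example, not code from the RFC or its reference implementation: it decodes the three hex seeds quoted above and computes TOTP with each, next to the result of using the 20-byte ASCII secret for every mode. The function names are hypothetical, and the parameters (8 digits, 30-second step, T0 = 0, test time 59 seconds) are assumed to match the Appendix B test setup.

```python
import hashlib
import hmac
import struct

# Hex seeds exactly as quoted in the erratum above.
SEED_HEX = {
    "sha1": "3132333435363738393031323334353637383930",
    "sha256": "3132333435363738393031323334353637383930"
              "313233343536373839303132",
    "sha512": "3132333435363738393031323334353637383930"
              "3132333435363738393031323334353637383930"
              "3132333435363738393031323334353637383930"
              "31323334",
}

# Literal ASCII secret named in the Appendix B text.
ASCII_SECRET = b"12345678901234567890"


def totp(key, unix_time, algo, digits=8, step=30, t0=0):
    """RFC 6238 TOTP: HOTP (RFC 4226) over the time-step counter."""
    counter = struct.pack(">Q", (unix_time - t0) // step)
    mac = hmac.new(key, counter, getattr(hashlib, algo)).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset from last nibble
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def seed_for(algo):
    """Decode the per-mode hex seed into raw key bytes."""
    return bytes.fromhex(SEED_HEX[algo])


def compare(unix_time=59):
    """Map algo -> (code with per-mode seed, code with 20-byte ASCII secret)."""
    return {a: (totp(seed_for(a), unix_time, a),
                totp(ASCII_SECRET, unix_time, a))
            for a in SEED_HEX}


if __name__ == "__main__":
    for algo, (per_mode, ascii_only) in compare().items():
        print(f"{algo:7} seed_len={len(seed_for(algo)):2} "
              f"per-mode={per_mode} ascii-20={ascii_only}")
```

The SHA-1 column agrees because its seed is the 20-byte ASCII string itself; the SHA-256 and SHA-512 seeds are that string repeated and cut to 32 and 64 bytes, so an implementation keyed with only the 20-byte secret will not match the published vectors for those modes.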
