RFC 4226, "HOTP: An HMAC-Based One-Time Password Algorithm", December 2005
Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
Errata ID: 5792
Status: Held for Document Update
Publication Format(s) : TEXT
Reported By: Jeffrey Goldberg
Date Reported: 2019-07-24
Held for Document Update by: Benjamin Kaduk
Date Held: 2019-07-29
Section 5.3 says:
Implementations MUST extract a 6-digit code at a minimum and possibly 7 and 8-digit code. Depending on security requirements, Digit = 7 or more SHOULD be considered in order to extract a longer HOTP value.
It should say:
Implementations MUST extract a 6-digit code at a minimum and possibly 7, 8 and 9-digit code. Depending on security requirements, Digit = 7 or more SHOULD be considered in order to extract a longer HOTP value. The code MUST NOT exceed 9 digits.
Although the detailed description of the dynamic truncation algorithm makes it clear that the code is generated from a 31 bit value, it is not explicitly stated in the main sections of the RFC that nine digits is the maximum number of digits supported by the algorithm.
The fact that nine digits is the maximum supported is alluded to in E.2, but this should be made more clear.
There are reports that TOTP implementations in the wild are supporting 10 digit codes. That mistaken behavior would be better discouraged by clarifying the limit of digits to 9.
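The following is an added worked example, not part of the errata report or the RFC text. It implements HOTP dynamic truncation (Section 5.3) in Python, checks the result against the Appendix D test vectors (secret "12345678901234567890"), and shows concretely why 9 digits is the ceiling: the truncated value is 31 bits wide, so at most 2^31 = 2147483648 distinct values exist. A 9-digit code (10^9 possibilities) can still cover its whole range, but a "10-digit" code can only ever start with 0, 1 or 2. The names `hotp`, `dynamic_truncate`, `reachable_codes` and `max_leading_digit` are this example's own, and the digit limit enforced in `hotp` reflects the errata's proposed "MUST NOT exceed 9 digits" rule.

```python
import hashlib
import hmac

# Secret from RFC 4226 Appendix D ("12345678901234567890" as ASCII bytes).
RFC4226_TEST_SECRET = b"12345678901234567890"

# Dynamic truncation masks the top bit of a 4-byte window, so the result is
# a 31-bit unsigned integer in [0, 2**31 - 1].
MAX_TRUNCATED = 2**31 - 1      # 2147483647 (a 10-digit number)
MIN_DIGITS = 6                 # RFC 4226 Section 5.3 minimum
MAX_DIGITS = 9                 # limit the errata asks to be stated explicitly


def dynamic_truncate(hs: bytes) -> int:
    """RFC 4226 Section 5.3 DT(): low nibble of the last HMAC byte is the
    offset; read 4 bytes from there and clear the most significant bit."""
    if len(hs) != 20:
        raise ValueError("expected a 20-byte HMAC-SHA-1 digest")
    offset = hs[-1] & 0x0F
    return (
        (hs[offset] & 0x7F) << 24
        | hs[offset + 1] << 16
        | hs[offset + 2] << 8
        | hs[offset + 3]
    )


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP(K, C) = Truncate(HMAC-SHA-1(K, C)) mod 10^Digit, zero-padded.

    Digit counts outside 6..9 are rejected: below 6 violates the RFC's
    minimum, above 9 cannot be fully populated by a 31-bit value (the
    point of this errata), so such codes give a false sense of strength.
    """
    if not MIN_DIGITS <= digits <= MAX_DIGITS:
        raise ValueError(f"digits must be between {MIN_DIGITS} and {MAX_DIGITS}")
    if counter < 0 or counter >= 2**64:
        raise ValueError("counter must fit in an unsigned 64-bit integer")
    # C is the 8-byte big-endian moving factor.
    hs = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    return str(dynamic_truncate(hs) % 10**digits).zfill(digits)


def reachable_codes(digits: int) -> int:
    """Number of distinct codes a Digit-digit HOTP can actually produce.

    Bounded both by 10^digits and by the 2^31 possible truncated values;
    for digits >= 10 the 31-bit bound wins, so most code values are unreachable.
    """
    return min(10**digits, MAX_TRUNCATED + 1)


def max_leading_digit(digits: int) -> int:
    """Largest possible leading digit of a zero-padded Digit-digit code.

    For 6..9 digits this is 9 (full range). For 10 digits the code equals the
    truncated value itself, which never exceeds 2147483647, so the leading
    digit is at most 2.
    """
    largest_code = min(10**digits - 1, MAX_TRUNCATED)
    return largest_code // 10 ** (digits - 1)


if __name__ == "__main__":
    # Reproduce the Appendix D table for the default 6-digit output.
    for counter in range(10):
        print(counter, hotp(RFC4226_TEST_SECRET, counter))
    for d in (6, 9, 10):
        print(f"{d} digits: {reachable_codes(d)} reachable codes, "
              f"leading digit <= {max_leading_digit(d)}")
```

Running the block prints the ten RFC test-vector codes (755224 for counter 0 through 520489 for counter 9) and then shows that a 9-digit code reaches all 10^9 values while a 10-digit one reaches only 2^31 of 10^10, which is why an implementation offering "10-digit" codes is not delivering 10 digits of entropy.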