RFC Errata

RFC 6238, "TOTP: Time-Based One-Time Password Algorithm", May 2011

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 7271
Status: Reported
Type: Technical
Publication Format(s): TEXT

Reported By: Charly Coste
Date Reported: 2022-12-14

Section Appendix A says:

         result = Integer.toString(otp);
         while (result.length() < codeDigits) {
             result = "0" + result;
         }

It should say:

         result = Long.toString(10000000000L + otp);
         result = result.substring(11 - codeDigits);

Notes:

The generation of an OTP should run in constant time to ensure that an attacker can't use an observable timing discrepancy to infer the value of any of the generated digits.
This proposed correction has been applied to the pyotp and rotp implementations in https://github.com/pyauth/pyotp/pull/148 and https://github.com/mdp/rotp/pull/119
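Added example, not from the RFC or from the errata reporter: a small Python implementation of RFC 4226 dynamic truncation and RFC 6238 TOTP that carries both digit-formatting variants side by side, the original Appendix A padding loop and the erratum's fixed-width slice, so that they can be checked against the RFC 6238 Appendix B test vectors (secret "12345678901234567890", SHA-1) and compared on values with leading zeros. Function names, the `padding_loop_iterations` helper and the test timestamps are this example's own choices.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

# Added example (not the RFC's reference code nor the reporter's patch):
# RFC 4226 dynamic truncation producing the integer `otp`, then the two
# digit-formatting variants discussed in the erratum.


def dynamic_truncation(key: bytes, counter: int, digest=hashlib.sha1) -> int:
    """RFC 4226 section 5.3: HMAC over the 8-byte big-endian counter, then
    31 bits starting at the offset given by the low nibble of the last byte."""
    mac = hmac.new(key, struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F
    return (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    )


def format_variable_time(otp: int, digits: int) -> str:
    """Padding as in the original Appendix A: one loop iteration per missing
    leading zero, so the amount of work depends on the value being hidden."""
    result = str(otp)
    while len(result) < digits:
        result = "0" + result
    return result


def padding_loop_iterations(otp: int, digits: int) -> int:
    """Number of iterations the loop above performs; this is the quantity
    that varies with the secret-derived value."""
    return max(0, digits - len(str(otp)))


def format_constant_time(otp: int, digits: int) -> str:
    """The erratum's replacement: 10**10 + otp always has 11 decimal characters
    for any 31-bit otp, so a fixed-position slice yields the last `digits`
    characters without a loop whose length depends on otp."""
    result = str(10_000_000_000 + otp)
    return result[11 - digits:]


def totp(key: bytes, digits: int = 6, period: int = 30,
         timestamp: Optional[float] = None, digest=hashlib.sha1) -> str:
    """RFC 6238 TOTP: counter = floor(unix_time / period), then HOTP with the
    constant-time formatting. `timestamp` defaults to the current time."""
    if timestamp is None:
        timestamp = time.time()
    counter = int(timestamp) // period
    otp = dynamic_truncation(key, counter, digest) % (10 ** digits)
    return format_constant_time(otp, digits)


if __name__ == "__main__":
    # RFC 6238 Appendix B: ASCII secret "12345678901234567890", SHA-1, 8 digits.
    key = b"12345678901234567890"
    for ts in (59, 1111111109, 1111111111):
        print(ts, totp(key, digits=8, timestamp=ts))
    # Same string, different amount of work: 42 needs four padding iterations,
    # 123456 needs none.
    for value in (42, 123456):
        print(value, format_variable_time(value, 6), format_constant_time(value, 6),
              padding_loop_iterations(value, 6))
```

The erratum addresses only the padding loop, which is the branch whose iteration count is a direct function of the output digits; `str()` and the modular reduction are not guaranteed constant time in Python either, so a production library should treat this as removing the most obvious leak rather than as a full constant-time guarantee. On the verifying side, the submitted code should be compared with the expected one using `hmac.compare_digest`, for the same reason.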
