TL;DR : RFC 6238, TOTP (Time based one time password)

#tutorial #security

Used in:

Google Authenticator.
Twillio Authy e.t.c


// n digits 
TOTP = TRUCATE(HMAC(secret_key, counter))%10^n

Where;

secret_key = shared between client and server
counter = floor(unix-time/time step)

Hash will be truncated, converted to decimal divided by 10^n (where n is the number of otp digits), the result of the remainder will give you an n length integer, which is our OTP code

Top comments (0)

Unlocking Linux on Windows: A Guide to Installing Ubuntu Using WSL 2 on Windows 11

Sohaib Ilyas - Nov 21

How to mitigate a DDoS attack on a small server

Víctor Falcón - Nov 21

Introducing Fleek Machines (Early Access): One Click Verified and Private Compute

Fleek - Nov 20

The future of software architecture: focus on event-driven architecture

ATIXAG - Nov 20

DEV Community