directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Javier Tellez" <>
Subject [Triplesec] HOTP implementation
Date Mon, 21 May 2007 17:30:12 GMT

first of all, thanks to Alex for redirecting me here, and hello to all the members of the

My main interest is the development of applications for mobile devices, and lately im working
on implementing a 2-factor authentication mechanism for J2ME.

Hotp class implements RFC4226 "HOTP: An HMAC-Based One-Time Password Algorithm".
In that class,

hotp.generate(secret, counter, digits) uses 
int offset = 0; 

but in the RFC4226 that offset is the least significant nibble from the last byte of 
hotp.stepOne() output (the 20 bytes from hmac-sha1(k,c)), that is

int offset = hmac_result[19] & 0xf; 

Is there any reason for that? Alex told me that it could be a bug. 

best regards, 

View raw message