directory-dev mailing list archives

From "Alex Karasulu" <akaras...@apache.org>
Subject Re: [Triplesec] HOTP implementation
Date Mon, 21 May 2007 17:41:18 GMT
Javier,

Thanks for posting here.  Yes, now that I have had some time to think about
this, it is a bug.  If you have the time, feel free to file a JIRA issue on
this and attach a patch.  We're looking for a few good committers to get
involved with this.

Thanks,
Alex

On 5/21/07, Javier Tellez <aviguille@yahoo.es> wrote:
>
>  Hello,
>
> First of all, thanks to Alex for redirecting me here, and hello to all the
> members of the group.
>
> My main interest is the development of applications for mobile devices,
> and lately I'm working on implementing a 2-factor authentication mechanism
> for J2ME.
>
> Hotp class implements RFC4226 "HOTP: An HMAC-Based One-Time Password
> Algorithm".
>
> In that class,
>
> hotp.generate(secret, counter, digits) uses
> int offset = 0;
>
> but in the RFC4226 that offset is the least significant nibble from the
> last byte of
> hotp.stepOne() output (the 20 bytes from hmac-sha1(k,c)), that is
>
> int offset = hmac_result[19] & 0xf;
>
> Is there any reason for that? Alex told me that it could be a bug.
>
> Thanks,
> best regards,
> Guillermo
>
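
The check below is an added example, not part of the original messages and not Triplesec's code: it computes HOTP with the fixed `offset = 0` reported in the thread and with the RFC 4226 dynamic offset, and compares both against the RFC 4226 Appendix D test values. The class and method names are hypothetical, and it uses Java SE's `javax.crypto` rather than a J2ME crypto library.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Hypothetical demo class, not Triplesec's Hotp class.
public class HotpOffsetCheck {
    // RFC 4226 Appendix D: test secret and expected 6-digit values for counters 0..9.
    static final byte[] SECRET = "12345678901234567890".getBytes(StandardCharsets.US_ASCII);
    static final int[] EXPECTED = {755224, 287082, 359152, 969429, 338314,
                                   254676, 287922, 162583, 399871, 520489};

    // Step 1: HS = HMAC-SHA-1(K, C), with C as an 8-byte big-endian counter.
    static byte[] hmacSha1(byte[] key, long counter) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        return mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
    }

    // Steps 2 and 3: take 31 bits starting at `offset`, reduce modulo 10^digits.
    static int truncate(byte[] hs, int offset, int digits) {
        int binary = ((hs[offset] & 0x7f) << 24)
                   | ((hs[offset + 1] & 0xff) << 16)
                   | ((hs[offset + 2] & 0xff) << 8)
                   | (hs[offset + 3] & 0xff);
        int modulus = 1;
        for (int i = 0; i < digits; i++) modulus *= 10;
        return binary % modulus;
    }

    public static void main(String[] args) throws Exception {
        int fixedOk = 0, dynamicOk = 0;
        for (int c = 0; c < EXPECTED.length; c++) {
            byte[] hs = hmacSha1(SECRET, c);
            int dynOffset = hs[hs.length - 1] & 0x0f;   // low nibble of the last byte
            int fixed = truncate(hs, 0, 6);             // behaviour reported in the thread
            int dynamic = truncate(hs, dynOffset, 6);   // RFC 4226 dynamic truncation
            if (fixed == EXPECTED[c]) fixedOk++;
            if (dynamic == EXPECTED[c]) dynamicOk++;
            System.out.printf("C=%d offset=%2d fixed=%06d dynamic=%06d rfc=%06d%n",
                    c, dynOffset, fixed, dynamic, EXPECTED[c]);
        }
        System.out.printf("fixed offset matched %d/10, dynamic offset matched %d/10%n",
                fixedOk, dynamicOk);
        if (dynamicOk != EXPECTED.length) throw new AssertionError("dynamic truncation is wrong");
    }
}
```

A regression test for this bug should cover several counters, because any counter whose HMAC ends in a zero nibble produces the same value with either offset.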
