I wrote a One-Time Password (OTP) generator in C# last year. Now I need to use an OTP generator in Java, but I couldn't find the equivalent functions in Java.
Here is the code I wrote last year: (I know this OTP's security is low but I don't need a bullet-proof one)
SHA1CryptoServiceProvider hash = new SHA1CryptoServiceProvider(); //first hash with sha1
byte[] hashPass = hash.ComputeHash(Encoding.ASCII.GetBytes(pass)); //pass is entered by user
HMACMD5 hma = new HMACMD5(hashPass); // use the hashed value as a key to hmac
OTPass = hma.ComputeHash(Encoding.ASCII.GetBytes(email + Counter(email)));// generate OTPass, Counter(email) is the counter of the user taken from database
increaseCounter(email); // updating the counter
this.SetLog(this.GetLog() + Environment.NewLine + "OTPass Generated: " + BitConverter.ToString(OTPass)); // OTP
Here is the Java code I tried to convert C# into: (This is just the SHA1 part, I couldn't find how to write HMAC-MD5 in Java)
import java.io.*;
import java.security.*;

public class otp {
    /**
     * @param args
     * @throws IOException
     */
    public static void main(String[] args) throws IOException {
        System.out.println("Please enter your username:");
        BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
        String username = br.readLine();
        System.out.println("Please enter your password:");
        String password = br.readLine();
        try {
            MessageDigest md = MessageDigest.getInstance("SHA1");
            String input = password;
            md.update(input.getBytes());
            byte[] output = md.digest();
            System.out.println();
            System.out.println("SHA1(\""+input+"\") =");
            System.out.println(" "+bytesToHex(output));
        } catch (Exception e) {
            System.out.println("Exception: "+e);
        }
    }

    public static String bytesToHex(byte[] b) {
        char hexDigit[] = {'0', '1', '2', '3', '4', '5', '6', '7',
                           '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
        StringBuffer buf = new StringBuffer();
        for (int j=0; j<b.length; j++) {
            buf.append(hexDigit[(b[j] >> 4) & 0x0f]);
            buf.append(hexDigit[b[j] & 0x0f]);
        }
        return buf.toString();
    }
}
Thanks for help
OTP means One Time Password: it's a temporary, secure PIN-code sent to you via SMS or e-mail that is valid only for one session.
Creating OTPs for new passwords: Click + New > Password. Enter your secret key in the One-time Password field from any third-party authentication application that you used to create the OTP. The secret key must be at least 16 characters long.
An OTP is an automatically generated numeric or alphanumeric string of characters that authenticates the user for a single transaction made by credit card or debit card, or for a single login session. This OTP is a secret token that must not be shared with anyone.
The full form of OTP is One Time Password. An OTP is a code of four or six digits that is often referred to as a one-time PIN or dynamic password. It is a security password that is valid for a single payment or a single use, for example on a mobile phone or a computer.
I have always used BouncyCastle
You can have a look at a few of these pages:
BouncyCastle HMac
BouncyCastle Specs
Or to stick with Java 6:
Mac hmacMd5 = Mac.getInstance("HMACMD5");
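An added example, not code from the question or the answer: a Java port of the C# steps above (SHA-1 of the password as the key, then HMAC-MD5 over email + counter), using only the JDK's `MessageDigest` and `Mac`. The class and method names, the `long` counter type and the sample values are assumptions; `StandardCharsets` needs Java 7 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class OtpPort {   // hypothetical class name

    // Mirrors the C# code: key = SHA1(pass), OTP = HMAC-MD5(key, email + counter).
    static byte[] generateOtp(String pass, String email, long counter)
            throws GeneralSecurityException {
        // The C# code used Encoding.ASCII, so pin the charset here as well;
        // a bare getBytes() depends on the platform default and can yield a different OTP.
        byte[] key = MessageDigest.getInstance("SHA-1")
                .digest(pass.getBytes(StandardCharsets.US_ASCII));
        Mac mac = Mac.getInstance("HmacMD5");
        mac.init(new SecretKeySpec(key, "HmacMD5"));
        return mac.doFinal((email + counter).getBytes(StandardCharsets.US_ASCII));
    }

    // Server-side check. MessageDigest.isEqual does not stop at the first
    // differing byte, unlike Arrays.equals or a string comparison.
    static boolean verifyOtp(byte[] submitted, String pass, String email, long counter)
            throws GeneralSecurityException {
        return MessageDigest.isEqual(generateOtp(pass, email, counter), submitted);
    }

    // Same layout as C# BitConverter.ToString: uppercase hex pairs joined by '-'.
    static String toDashedHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < bytes.length; i++) {
            if (i > 0) sb.append('-');
            sb.append(String.format("%02X", bytes[i]));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample values; in the question the counter comes from the database.
        String pass = "example-password";
        String email = "user@example.com";
        long counter = 7;

        byte[] otp = generateOtp(pass, email, counter);
        System.out.println("OTPass Generated: " + toDashedHex(otp));
        System.out.println("valid at counter 7: " + verifyOtp(otp, pass, email, counter));
        // After the counter is increased, the same OTP must no longer verify.
        System.out.println("valid at counter 8: " + verifyOtp(otp, pass, email, counter + 1));
    }
}
```

The result only matches the C# generator if both sides use the same encoding and the same string form of the counter.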