 

RFC4226 HOTP Java Implementation

I copied the HOTPAlgorithm.java code and compared it against the official HOTP sample implementation on page 27 of the RFC 4226 document. Both HOTPAlgorithm.java and the implementation in RFC 4226 are written by the same author, Loren Hart, and are marked as version 1.0. From my comparison, both are essentially the same code.

I ran the test vectors for 6-digit HOTP codes (without modifying the HOTPAlgorithm.java script) and noticed that the source code given in RFC 4226 and HOTPAlgorithm.java both produce test vector results that differ from the published RFC 4226 results, with exactly the same settings.

Is there a discrepancy between the sample Java code published in RFC 4226 and HOTPAlgorithm.java when compared against the RFC 4226 test vectors?

Test results from HOTPAlgorithm.java and the RFC 4226 Java code (both produce the same results):

755224
030356
132975
957805
463120
994243
844697
570244
487336
025740

Test vectors from the RFC 4226 publication (RFC 4226 page 32):

755224
287082
359152
969429
338314
254676
287922
162583
399871
520489

Am I missing something, or are there discrepancies between the officially published sample code and the officially published results?

asked May 22 '15 08:05 by gsunnic




2 Answers

The change to Math.pow() didn't make any difference, but I think you might be making the call to generateOTP() with 0 as the truncationOffset parameter value. Trying this with -1 gives the reference test vectors.

answered Sep 21 '22 08:09 by Simes
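The following is an added example, not code from the question, the answers or the RFC's own Java. It is a Python rendering of the RFC 4226 algorithm (HMAC-SHA-1 over the 8-byte big-endian counter, dynamic truncation, reduction modulo 10^Digits) that keeps the reference implementation's truncationOffset semantics: a value in the range 0 to hash length minus 4 replaces the dynamic offset with a fixed one, anything else (the RFC's -1) selects the standard dynamic offset. Running it with offset -1 and offset 0 reproduces both result columns from the question side by side. The function names hotp, truncate and vectors and the test secret "12345678901234567890" (the RFC Appendix D secret) are the only things assumed here.

```python
"""Added example: RFC 4226 HOTP with the reference Java's truncationOffset
semantics, so the dynamic-truncation and fixed-offset-0 outputs can be
compared against the published test vectors. Not part of the original page."""
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test secret: ASCII "12345678901234567890" (20 bytes).
SECRET = b"12345678901234567890"

# Published 6-digit HOTP values for counters 0..9 (RFC 4226 Appendix D).
RFC4226_VECTORS = ["755224", "287082", "359152", "969429", "338314",
                   "254676", "287922", "162583", "399871", "520489"]


def truncate(hash_bytes: bytes, digits: int = 6, truncation_offset: int = -1) -> str:
    """Steps 2 and 3 of RFC 4226 section 5.3: dynamic truncation, then
    reduction modulo 10^digits, zero-padded to `digits` characters.

    truncation_offset mirrors the reference Java parameter: a value in
    [0, len(hash) - 4) overrides the dynamic offset with a fixed one
    (not standard HOTP); anything else, e.g. -1, uses the low nibble
    of the last HMAC byte as the offset, as the RFC specifies.
    """
    offset = hash_bytes[-1] & 0x0F
    if 0 <= truncation_offset < len(hash_bytes) - 4:
        offset = truncation_offset  # fixed offset: matches the RFC only by chance
    # 31-bit dynamic binary code: mask the top bit to avoid sign issues.
    binary = ((hash_bytes[offset] & 0x7F) << 24
              | (hash_bytes[offset + 1] & 0xFF) << 16
              | (hash_bytes[offset + 2] & 0xFF) << 8
              | (hash_bytes[offset + 3] & 0xFF))
    return str(binary % 10 ** digits).zfill(digits)


def hotp(secret: bytes, counter: int, digits: int = 6, truncation_offset: int = -1) -> str:
    """HOTP(K, C) = Truncate(HMAC-SHA-1(K, C)), C as an 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return truncate(mac, digits, truncation_offset)


def vectors(truncation_offset: int = -1, count: int = 10) -> list:
    """HOTP values for counters 0..count-1 under the given offset mode."""
    return [hotp(SECRET, c, 6, truncation_offset) for c in range(count)]


if __name__ == "__main__":
    dynamic = vectors(-1)   # standard HOTP: should equal RFC4226_VECTORS
    fixed = vectors(0)      # fixed offset 0: the question's first column
    for c, (d, f) in enumerate(zip(dynamic, fixed)):
        note = "" if f == RFC4226_VECTORS[c] else "  (offset 0 differs from RFC)"
        print(f"counter {c}: offset=-1 -> {d}   offset=0 -> {f}{note}")
```

With a fixed offset of 0 the code reads the first four HMAC bytes instead of the bytes selected by the last nibble, so the output is deterministic but not HOTP; the two columns agree only where the dynamic offset happens to be 0, which is why the counter 0 value 755224 appears in both lists in the question. The modulus itself is not the issue: DIGITS_POWER[6], Math.pow(10, 6) and the literal 1000000 are the same number.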


Change

int otp = binary % DIGITS_POWER[codeDigits];

To

int otp = (int) (binary % Math.pow(10, codeDigits));

Or

int otp = binary % 1000000;

answered Sep 19 '22 08:09 by thotheolh