Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jonfriesen/otp

A Go implementation of RFC 4226 HOTP: An HMAC-Based One-Time Password Algorithm and RFC 6238: TOTP: Time-Based One-Time Password Algorithm
https://github.com/jonfriesen/otp

2-factor 2fa hacktoberfest hmac-sha1 hotp otp password-algorithm rfc-4226 rfc-6238 totp

Last synced: 24 days ago
JSON representation

A Go implementation of RFC 4226 HOTP: An HMAC-Based One-Time Password Algorithm and RFC 6238: TOTP: Time-Based One-Time Password Algorithm

Host: GitHub
URL: https://github.com/jonfriesen/otp
Owner: jonfriesen
License: mit
Created: 2017-11-17T16:54:25.000Z (almost 7 years ago)
Default Branch: master
Last Pushed: 2023-11-09T20:41:18.000Z (12 months ago)
Last Synced: 2024-06-20T12:39:12.790Z (5 months ago)
Topics: 2-factor, 2fa, hacktoberfest, hmac-sha1, hotp, otp, password-algorithm, rfc-4226, rfc-6238, totp
Language: Go
Homepage:
Size: 354 KB
Stars: 9
Watchers: 4
Forks: 5
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # ![OneTimePasswords](media/otp_logo.png)

![Build Status](https://github.com/jonfriesen/otp/workflows/build/badge.svg)

This package is an implementation of [RFC 4226: HOTP: An HMAC-Based One-Time Password Algorithm](https://tools.ietf.org/html/rfc4226) and [RFC 6238: TOTP: Time-Based One-Time Password Algorithm](https://tools.ietf.org/html/rfc6238) with slight deviations from the RFC based on the algorithmic reference implementation and tested using the RFC test values to ensure comaptibility with other HOTP and TOTP systems. 

## Installation

Clone this repository into your Go src directory or pull it automatically with:

```

$ go get github.com/jonfriesen/otp

```

## Usage

```

import "github.com/jonfriesen/otp"

...

// To generate and checking a Time base OTP

totpToken := NewTOTP("secret", Time, 8, 30, 2, sha1.New)

totp := totpToken.Generate()

isValid := totp == totpToken.Check("12345678")

...

// To generate and checking a HMAC OTP 

hotpToken := NewHOTP("secret", 0, 6, 5, sha1.New)

hotp := hotpToken.Generate()

isValid := hotp == hotpToken.Check("123456")

```

## Considerations and Variations from RFC

### Checksum

The checksum option is not included in this implementation as I feel most real world implementations don't use it or account for it. 

### Truncation Offset

The truncation offset is intended to give the entire hash digest the opportunity to contribute to the truncated portion of the hash. Removing this section does not make the algorithm more or less secure.

## Motivation

The OTP package was created to offer a simple, close implementation of RFC 4226 and RFC 6238 for easy consumption in Go.

## Contributions

Pull Requests are welcome, please include tests covering your contributions. 

_{[MIT License Copyright (c) 2022 Jonathan Friesen](./LICENSE)}