How do I generate One time passwords (OTP / HOTP)?


Question

We have decided to start work on Multi-factor authentication, by way of releasing an iPhone, Android and Blackberry app for our customers.

Think Google Authenticator's one-time password system.

I can get how I could generate a unique string by hashing using a SALT based on the account secret key plus the device serial number (or other unique identifier).

But does anyone have any idea how you could generate a unique, short number, in the way that Google does? And/or does anyone have any good links to articles on achieving this kind of thing?

Many thanks

Recommended answer

In the end I found that this was very well documented in RFC 4226 and regarding the integer conversion, this can be done using the bitwise operation shown on page 7, essentially it is the same as that shown in the answer below.

There was another post on Stack Overflow regarding this in a C# context, which may be worth a read if you are in a similar position.

In C# I basically hashed a time identifier (i.e. the current time in seconds divided by 30 - to get a long which is valid for the current 30-second interval). Then hashed this using my secret key as the SALT.

Then...

// hashBytes is the hash computed above; index 19 is the last byte of a 20-byte SHA-1 result
// Use a bitwise operation to get a representative binary code from the hash
// Refer section 5.4 at http://tools.ietf.org/html/rfc4226#page-7
int offset = hashBytes[19] & 0xf;
int binaryCode = (hashBytes[offset] & 0x7f) << 24
    | (hashBytes[offset + 1] & 0xff) << 16
    | (hashBytes[offset + 2] & 0xff) << 8
    | (hashBytes[offset + 3] & 0xff);

// Generate the OTP using the binary code. As per RFC 4226 [link above] "Implementations MUST extract a 6-digit code at a minimum
// and possibly 7 and 8-digit code"
int otp = binaryCode % (int)Math.Pow(10, 6); // where 6 is the password length

return otp.ToString().PadLeft(6, '0');



For those of you who don't know, Google Authenticator is an open source project - you can browse the source code here: http://code.google.com/p/google-authenticator/source/browse/?repo=android
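The steps the answer describes (time counter, keyed hash, dynamic truncation), put together as an added Python example that is not part of the original post. It uses HMAC-SHA-1 as RFC 4226 specifies; the function names, the look-ahead window of 3 and the use of the RFC's Appendix D test key as sample input are choices made for this example.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA-1 keyed with the secret over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte (hashBytes[19] in the answer)
    # Take 4 bytes at the offset and clear the top bit to avoid signed/unsigned ambiguity
    binary_code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary_code % 10 ** digits).zfill(digits)


def totp(secret, now=None, step=30, digits=6):
    """Time-based variant: the counter is Unix time divided by the step (30 s in the answer)."""
    now = time.time() if now is None else now
    return hotp(secret, int(now) // step, digits)


def verify_hotp(secret, submitted, counter, look_ahead=3, digits=6):
    """Server-side check. Returns the next counter to store on success, else None.

    Accepts counter..counter+look_ahead so a few unused codes on the device do
    not lock the user out. Storing the returned counter rejects replayed codes.
    """
    for c in range(counter, counter + look_ahead + 1):
        expected = hotp(secret, c, digits).encode()
        if hmac.compare_digest(expected, submitted.encode()):  # constant-time compare
            return c + 1
    return None


# Sample input: the test secret and expected codes from RFC 4226 Appendix D
RFC_SECRET = b"12345678901234567890"
RFC_VECTORS = ["755224", "287082", "359152", "969429", "338314",
               "254676", "287922", "162583", "399871", "520489"]

if __name__ == "__main__":
    for i, expected in enumerate(RFC_VECTORS):
        print(i, hotp(RFC_SECRET, i), "ok" if hotp(RFC_SECRET, i) == expected else "MISMATCH")
    print("current TOTP for the test secret:", totp(RFC_SECRET))
```
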
