ONE TIME PASSWORD 
By 
Swetha Kogatam 
SJSU ID: 009439339
AGENDA
• Introduction
• Brief history of OTP systems
• Benefits and costs
• Categories of OTP
• Methods of generation
  • HOTP and TOTP
• Methods of delivery
• RFCs and standards
• Attacks
• OTP development libraries
What is a One-time Password?
• A single-use password, or a series of such codes, used to authenticate a user over an untrusted communication channel
  • Complements a user password
• Two-Factor Authentication
Brief & Probable History
• Leslie Lamport wrote an article on chaining hashes for authentication (CACM 1981)
• Bellcore developed S/Key based on the Lamport scheme (1994)
• Hardware tokens are developed
• OPIE was a more modern implementation, compatible with S/Key
• OTPW developed
Modern day examples for OTP
Benefits of OTPs
• Cost-effective alternative to expensive digital certificates
• Cannot be reused
• Avoids expensive hardware tokens
• Can be time-limited
• Can be used over untrusted communication paths
  • Telnet, web-based, serial terminals
• Remains useful even if the user password has been compromised
• Multiple generation/delivery mechanisms
Costs
• Difficult for human beings to memorize, and requires additional technology to work
• Based on a shared secret
• Software tools can be compromised
• Attacks are still possible
Categories of OTPs
• The two most commonly used types of OTPs are
  1. Event-based: HMAC-based One-time Password (HOTP)
  2. Time-based: Time-based One-time Password (TOTP)
• Others include
  1. Challenge-based: the user enters a key sent from the server plus a password
  2. Proprietary: RSA SecurID
Methods of Generation - HOTP
• HOTP (HMAC-based)
  • Computes an HMAC-SHA-1 over the counter and truncates the result to produce the HOTP value
  • HOTP(K,C) = Truncate(HMAC-SHA-1(K,C))
  • where K is the shared secret key and C is the moving counter, incremented on each use
HOTP
We can describe the operations in 3 distinct steps:
• Step 1: Generate an HMAC-SHA-1 value
  Let HS = HMAC-SHA-1(K, C) // HS is a 20-byte string
• Step 2: Generate a 4-byte string (Dynamic Truncation)
  Let Sbits = DT(HS) // DT (dynamic truncation, defined in RFC 4226) returns a 31-bit string
• Step 3: Compute an HOTP value
  Let Snum = StToNum(Sbits) // Convert Sbits to a number in 0...2^{31}-1
  Return D = Snum mod 10^Digit // D is a number in the range 0...10^{Digit}-1
TOTP
• TOTP (Time-based)
  • An extension of HOTP to support time
  • TOTP = HOTP(K, T)
  • TOTP(K,T) = Truncate(HMAC-SHA-1(K,T))
  • where T = floor((Current Unix time - T0) / X); by default the result is floored, i.e. integer division
  • For example, with T0 = 0 and time step X = 30, T = 1 if the current Unix time is 59 seconds, and T = 2 if the current Unix time is 60 seconds
Methods of Delivery
• Software applications
  • Command-line OTP calculators
• Text messaging
  • The code is sent to the user via SMS
  • The request for the code may come over SMS itself or out-of-band
• Phone call
  • During the authentication process, you receive a phone call and enter a PIN
More Methods of Delivery
• Paper
  • Lists of passwords or codes to use
  • Some systems use paper codes as a backup
• Hardware token
  • Token has a rotating display of the current code
  • May have buttons for challenges
• Mobile applications
  • The code is displayed exactly like on a hardware token
  • OTP calculators can work with counter-based OTP
RFCs and Standards
• RFC 1760, The S/KEY One-Time Password System
• RFC 2289, A One-Time Password System
• RFC 4226, HOTP: An HMAC-Based One-Time Password Algorithm
• RFC 6238, TOTP: Time-Based One-Time Password Algorithm
Attacks on OTP
• Man-in-the-Middle
  • The attacker captures authentication data and resends it to the legitimate server
• Mobile-based delivery of OTPs can be attacked
• Paper-based delivery of OTPs: the printed list can be stolen
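The generation slides (HOTP steps 1 to 3, TOTP with T = floor((time - T0) / X)) and the capture-and-resend attack above, worked through as an added example; this is not code from the slides or from any of the libraries listed. It implements RFC 4226 HOTP and RFC 6238 TOTP with SHA-1, then a hypothetical server-side verifier that accepts a code only once per time step, so a captured code is rejected when it is resent.

```python
import hashlib
import hmac
import struct

# Added example (not from the slides): HOTP, TOTP and a replay-rejecting verifier.


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """The three HOTP steps: HMAC-SHA-1, dynamic truncation, mod 10^Digit."""
    hs = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()  # 20-byte HS
    offset = hs[19] & 0x0F                                                   # DT: low 4 bits of last byte
    sbits = struct.unpack(">I", hs[offset:offset + 4])[0] & 0x7FFFFFFF       # 31-bit value, 0...2^31-1
    return str(sbits % 10 ** digits).zfill(digits)                           # D, zero-padded to Digit


def totp(key: bytes, unix_time: int, t0: int = 0, step: int = 30, digits: int = 6) -> str:
    """TOTP = HOTP(K, T) with T = floor((unix_time - T0) / X); // is integer division."""
    return hotp(key, (unix_time - t0) // step, digits)


class TotpVerifier:
    """Hypothetical server side: each time step may be consumed once per user,
    so a code captured in transit and resent later is rejected."""

    def __init__(self, key: bytes, step: int = 30, digits: int = 6, skew: int = 1):
        self.key, self.step, self.digits, self.skew = key, step, digits, skew
        self.last_accepted_t = -1  # highest time step already used for this user

    def verify(self, code: str, unix_time: int) -> bool:
        now_t = unix_time // self.step
        # Tolerate +/- skew steps of clock drift, but never a step already consumed.
        for t in range(now_t - self.skew, now_t + self.skew + 1):
            if t <= self.last_accepted_t:
                continue
            expected = hotp(self.key, t, self.digits)
            if hmac.compare_digest(expected, code):  # constant-time comparison
                self.last_accepted_t = t
                return True
        return False
```

The key `b"12345678901234567890"` is the test secret from RFC 4226 Appendix D and RFC 6238 Appendix B, so the values below can be checked against those tables.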
OTP Development Libraries
• Java: javaotp
• Ruby: rotp, ruby-otp
• Python: POTP
• PHP: OTPHP, multiOTP
• C/C++: OpenOTP
• Many more available
Questions