Lib.rs

Authentication
#otp #rfc-6238 #password-generator #hmac-sha1 #web-services #rfc-4226

libotp

One Time Password generator

by Naim A.

5 releases

Uses old Rust 2015

0.2.0 Jun 30, 2024
0.1.4 Sep 11, 2019
0.1.3 Sep 22, 2018
0.1.2 Dec 28, 2017

#279 in Authentication

38 downloads per month

GPL-3.0 license

21KB
389 lines

Build Status

libotp implements RFC4226 and RFC6238. These RFCs are implemented by Google's Google Authenticator.

OTP can increases the security for various things, such as web services, servers and even private computers.

How OTP works

A secret is shared between the client and a device. Passwords are generated based on the shared secret.

It is possible to work in two modes:

  1. Counter based - The OTP is generated with a counter that is increased on each successful attempt.
  2. Time based - The OTP is generated based on time. Codes are valid for a pre-configured amount of time.

Features

  • HTOP - HMAC One-Time-Password generation (RFC4226).
    • Configurable HMAC - SHA1, SHA256 or SHA512.
  • TOTP - Time based One-Time-Password generation (RFC6238).
    • Configurable time step, RFC recommended is 30 seconds.
    • Configurable T0 (start time).

Dependencies

~5–12MB
~226K SLoC