Authenticator apps like Google Authenticator use two authentication protocols centered around the "what you have" paradigm. Those algorithms are:
- HOTP (HMAC-based One Time Password), and
- TOTP (Time-based One Time Password).
They are obviously different, but both are centered around the same basic idea: a rolling hash value that only the server and the authenticator app can predict. Additionally, both use HMAC-SHA-1 to generate those hash values.
In my previous post I explained the gist of the approach used in both algorithms. Here we’ll focus on the implementation details of HMAC. We’ll tackle TOTP in part 3.