The calendar is gone.
Click here to view posts

Hotp

In my final days of work I have created a library for the HMAC-Based One-Time Password(HOTP) Algorithm. HOTP was created in hopes that a freely available encryption standard would generate more two-factor authentication devices. Looking around on the net you will find that there are a handful of devices that support HOTP. If you would like to read more about HOTP and its inner workings check out RFC 4226 (http://www.ietf.org/rfc/rfc4226.txt)

As for ruby and HOTP it is done. I hope to have a project up on RAA and rubyforge soon. A coworker helped me fill out the class, create a gem and correct a few implementation errors.
Example 1:

#example numbers from the RFC
require "HOTP"
h = HOTP.new()
h.secret = "12345678901234567890" 
h.count = "0" #can be a string or number.
h.digits = 6 
h.update #=> "755224" 
h.hotp #=> "755224" 

I think the RFC has you generate hotp numbers until you match the one that was passed in or you hit a max number of tries. This number would be inputed along with a personal pin and a unique id that you can related to the secret text for that card.

Example 2:

#example numbers from the RFC
require "HOTP"
search_digits = ARGS[0]

(0..10000).each{|counter| 
   if HOTP::hotp("12345678901234567890",counter) == search_digits
     puts "you pressed the button #{counter} times!"
     break
   end
} 

You get the point. I will post the links to the code when they are up.

Tags: prague

Hotp project

The HOTP code is released. You can gem install it because it is hosted on rubyforge. I also made an announcement on ruby talk. The Hotp class implements RFC 4226 in Ruby. (http://www.ietf.org/rfc/rfc4226.txt) HOTP is an HMAC-SHA1 based algorithm for one time passwords. The README has examples on how to use the library. We used the perl implantation and the RFC to write our test.

http://rubyforge.org/projects/hotp/ and http://raa.ruby-lang.org/project/hotp

Tags: prague