Timed One Time Password (TOTP)
TOTP (Timed One Time Password) is a method used to generate single-use passwords which are only valid for a certain time period. For example, we could have a system which allows you to register by mobile phone. It is also used extensively in two-factor authentication (such as registering with a username/password, and then entering the timed password). The time window could be set at one hour, so that the user has to register within one hour, or their password has to be re-generated. The method is defined in RFC 6238, and it is used in a large number of applications, especially for timed access control to resources and in initial registration. At present it is used in the Google Authenticator. The following code uses a 5 second time window to generate a new code, so you can press Generate OTP every five seconds and it should give you a new password:
Theory
Code
The code uses the OTP-Sharp library, and the following defines a 5 second time window:
    [HttpPost]
    public ActionResult totp(string button1, FormCollection form)
    {
        ViewData["seed"] = form["seed"];

        // Treat a missing seed as an empty string so GetBytes() never receives null.
        string s1 = form["seed"];
        if (s1 == null) s1 = "";

        // step: 5 sets the 5 second time window.
        var topt = new Totp(System.Text.Encoding.UTF8.GetBytes(s1), step: 5);
        if (button1 != null)
        {
            topt = new Totp(System.Text.Encoding.UTF8.GetBytes(s1), step: 5);
        }

        // Compute the code for the current time step and format it for display.
        var totpCode = topt.ComputeTotp();
        string v = String.Format("{0:00000000}", totpCode);

        ViewData["random"] = v;
        return PartialView("onetime_random");
    }