[Issue 10192] New: otp.c overlay - HOTP wrongly numbers gneration

27 Mar 2024


      https://bugs.openldap.org/show_bug.cgi?id=10192
Issue ID: 10192
           Summary: otp.c overlay - HOTP wrongly numbers gneration
           Product: OpenLDAP
           Version: 2.6.7
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: overlays
          Assignee: bugs@openldap.org
          Reporter: michal.pura@gmail.com
  Target Milestone: ---
Hello, I am trying to use otp.c overlay but seems that numbers are not properly
generated.
In my case I have random secret like 'aaaabbbbccccdddd' and according to what
Google Authenticator and https://www.verifyr.com/en/otp/check#hotp is
generating we should have the following HOTP codes for above secret:
1 - 229789
        2 - 801677
        3 - 630108
        4 - 214543
        5 - 916392
        6 - 346078
        7 - 701644
        8 - 865071
        9 - 431248
        10 - 355053
but, otp.c module is returning the following numbers:
1 - 441008
        2 - 465617
        3 - 669281
        4 - 042697
        5 - 461210
        6 - 620979
        7 - 700859
        8 - 573924
        9 - 805067
        10 - 135880
The secret is properly generated and used in the code. I've checked it under
debugger. The hash algorithm is defined as 1.2.840.113549.2.7 ->
HMAC-WITH-SHA1. What is wrong?
-- 
You are receiving this mail because:
You are on the CC list for the issue.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[Issue 10192] New: otp.c overlay - HOTP wrongly numbers gneration