{
  "draft": "draft-mraihi-oath-hmac-otp-04",
  "doc_id": "RFC4226",
  "title": "HOTP: An HMAC-Based One-Time Password Algorithm",
  "authors": [
    "D. M'Raihi",
    "M. Bellare",
    "F. Hoornaert",
    "D. Naccache",
    "O. Ranen"
  ],
  "format": [
    "TEXT",
    "HTML"
  ],
  "page_count": "37",
  "pub_status": "INFORMATIONAL",
  "status": "INFORMATIONAL",
  "source": "IETF - NON WORKING GROUP",
  "abstract": "This document describes an algorithm to generate one-time password values, based on Hashed Message Authentication Code (HMAC). A security analysis of the algorithm is presented, and important parameters related to the secure deployment of the algorithm are discussed. The proposed algorithm can be used across a wide range of network applications ranging from remote Virtual Private Network (VPN) access, Wi-Fi network logon to transaction-oriented Web applications.\n\n This work is a joint effort by the OATH (Open AuTHentication) membership to specify an algorithm that can be freely distributed to the technical community. The authors believe that a common and shared algorithm will facilitate adoption of two-factor authentication on the Internet by enabling interoperability across commercial and open-source implementations. This memo provides information for the Internet community.",
  "pub_date": "December 2005",
  "keywords": [
    "hashed message authentication code",
    "security analysis",
    "oath",
    "open authentication",
    "authentication",
    "OATH"
  ],
  "obsoletes": [],
  "obsoleted_by": [],
  "updates": [],
  "updated_by": [],
  "see_also": [],
  "doi": "10.17487/RFC4226",
  "errata_url": "https://www.rfc-editor.org/errata/rfc4226"
}