Wrong value taken as hotp parameters

pratyush3757 commented 2 years ago

In the HOTP [rfc 4226] tests, you took the truncationOffset value as 0 instead of some out of bound value like -1. This causes dynamic truncation to fail and always result in offset set to 0, as the if condition here always computes to true.

if ((0 <= truncationOffset) &&
    (truncationOffset < (hash.length - 4))) {
            offset = truncationOffset;
}

I found your errata in the rfc and noticed the wrong function call in the test file. I just wanted to tell you that the [rfc 4226] test cases are correct.

gerritjvv commented 2 years ago

hi, thanks for getting back on this. I see what you mean.

gerritjvv commented 2 years ago

not sure how I can update/change the errata on the RFC though.

gerritjvv / cryptoplayground

Wrong value taken as hotp parameters #3