pasamio / oathtoken

Automatically exported from code.google.com/p/oathtoken
0 stars 0 forks source link

OATH Challenge-Response (OCRA) #8

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
This Token is really good - nice work.

Now that you implemented HOTP and TOTP specs, it would not be a big task to 
implement OCRA with counter or time moving factor.
It is very few new code once you have HOTP+TOTP.

It could be a new selector like:
(Event Based) - (Time Based) - (Challenge Based)

And in challenge, the configuration would consist in providing the OCRASuite 
and OATH secret key (and optionally the OCRA PIN).

Note: If you are interrested, you can use my software for testing OCRA : OpenOTP

Original issue reported on code.google.com by charly.r...@gmail.com on 25 Nov 2010 at 11:05

GoogleCodeExporter commented 9 years ago

Original comment by archie.c...@gmail.com on 26 Nov 2010 at 12:31

GoogleCodeExporter commented 9 years ago
If you have questions regarding the OCRA implementation, don't hesitate to 
contact me...
I think it's good idea because there are currently some HOTP/TOTP soft tokens 
but no OCRA OATH soft tokens.
Note: As I've seen it in the other posts, if you implement QRcode key 
provisioning, you can also use OpenOTP for tests which provides the OATH keys 
as barecodes for Google Authenticaor (with Google URI) and as QRCode HEX key 
values for other tokens...
I can create a permanent account for you on our systems if you need - if it can 
ease your testings.

Original comment by charly.r...@gmail.com on 26 Nov 2010 at 8:46