TOTP and HOTP
One-time passwords (OTPs) are commonly used as a form of two-factor authentication. Crypto can be used to generate both TOTP and HOTP in accordance with RFC 6238 and RFC 4226 respectively.
- TOTP: Time-based One-Time Password. Generates a password by combining a shared secret with the current Unix timestamp.
- HOTP: HMAC-Based One-Time Password. Similar to TOTP, except an incrementing counter is used instead of a timestamp. Each time a new OTP is generated, the counter increments.
Generating OTP
OTP generation is similar for both TOTP and HOTP. The only difference is that HOTP requires the current counter to be passed.
```swift
import Crypto

// Generate TOTP
let totpCode = TOTP.SHA1.generate(secret: "hi")
print(totpCode) // "123456"

// Generate HOTP
let hotpCode = HOTP.SHA1.generate(secret: "hi", counter: 0)
print(hotpCode) // "208503"
```
View the API docs for TOTP and HOTP for more information.
Base 32
TOTP and HOTP shared secrets are commonly transferred using Base32 encoding. Crypto provides conveniences for converting to/from Base32.
```swift
import Crypto

// shared secret
let secret: Data = ...

// base32 encoded secret
let encodedSecret = secret.base32EncodedString()
```
See Crypto's Data extensions for more information.
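The generation and Base32 steps described above, written out directly from RFC 4226 and RFC 6238 in Python. This is an added example, not Crypto's own code: the function names and the `window` and `last_used` parameters are assumptions of this example, and the key is the RFC 4226 test key. It also shows the server side, where a code must be compared in constant time and rejected if its time step was already used.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks a 4-byte slice
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, at=None, step=30, digits=6, algo=hashlib.sha1):
    """RFC 6238: HOTP whose counter is the number of elapsed `step`-second intervals."""
    now = time.time() if at is None else at
    return hotp(secret, int(now // step), digits, algo)


def decode_base32_secret(text):
    """Decode a Base32 secret as users type it: spaces, lower case, no padding."""
    cleaned = text.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # b32decode requires full padding
    return base64.b32decode(cleaned)


def verify_totp(secret, candidate, at=None, last_used=-1, step=30, window=1):
    """Return the matched time step, or None if the code is wrong or replayed.

    `window` tolerates clock drift; the caller stores the returned step as
    `last_used` so the same code cannot be accepted twice.
    """
    now = time.time() if at is None else at
    current = int(now // step)
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        if counter <= last_used:
            continue  # already consumed: treat as a replay
        expected = hotp(secret, counter).encode()
        if hmac.compare_digest(expected, candidate.encode()):
            matched = counter
    return matched


if __name__ == "__main__":
    # Constructed sample: the RFC 4226 test key in Base32, typed with spaces.
    key = decode_base32_secret("gezd gnbv gy3t qojq gezd gnbv gy3t qojq")
    print(hotp(key, 0), totp(key, at=59, digits=8), verify_totp(key, "287082", at=89))
```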