IOTA tutorial 34: Time-Based One-Time Password (TOTP)

If you like this video and want to support me, go to this page for my donation crypto addresses:
https://www.youtube.com/c/mobilefish/about

This is part 34 of the IOTA tutorial.

In this video series different topics will be explained which will help you to understand IOTA.
It is recommended to watch each video sequentially as I may refer to certain IOTA topics explained earlier.

In this tutorial I will explain in detail how the Time-based One-time Password algorithm works.
This tutorial is not specifically IOTA related.
It is intended for developers who want to understand how the Time-based One-time Password algorithm works.

The Time-based One-time Password algorithm generates single use passwords, also known as tokens, which are only valid for a certain time period.
Often this time period is 60 seconds.
These generated tokens are based on a shared secret key.
The Time-Based One-Time Password algorithm was published as RFC 6238 by the Internet Engineering Task Force (IETF).
See: https://tools.ietf.org/html/rfc6238
In RFC 6238 a Java reference Time-based One-time Password algorithm can be found.
See also: https://www.mobilefish.com/download/java/TOTP.java

The Time-based One-time Password algorithm is an extension of the HMAC-Based One-Time Password (HOTP) algorithm, which was published as RFC 4226 by the IETF.
The HMAC-Based One-Time Password algorithm defines how to create a one-time password from a shared secret key and a counter.
See: https://tools.ietf.org/html/rfc4226

When 2FA is enabled on the Trinity wallet, it first generates a shared secret key.
You must write down this shared secret key and safely store it.
Usually this shared secret key, together with additional information, is embedded in a QR code which you can scan with a 2FA app such as the Google Authenticator.
After the QR code is scanned, the Google Authenticator generates a token, which is a unique code based on the shared secret key and the current time.

Let's assume you are currently in Beijing (China).
The local Beijing date and time is 4 December 2018, 20:24:20 (UTC+8).
The date and time at that moment at the 0 degree longitude meridian is 4 December 2018, 12:24:20.
UTC stands for Coordinated Universal Time and is the time at the 0 degree longitude meridian (Prime Meridian).

Convert this date and time (4 December 2018, 12:24:20) to Unix Epoch Time.
Instead of Unix Epoch Time we can also say Unix Time (Tunix).
Unix Epoch Time is the number of seconds that have elapsed since 1 January 1970 00:00:00 UTC, not counting leap seconds.
If the date and time at the 0 degree longitude meridian is 4 December 2018, 12:24:20, then Tunix = 1543926260 sec

Equation: N = floor(Tunix / ts)
N = number of time steps that have elapsed since the Unix epoch.
floor = function which rounds a number downward to its nearest integer.
Tunix = number of seconds that have elapsed since 1 January 1970 00:00:00 UTC, not counting leap seconds.
ts = time step. By default the time step is 30 sec.

Convert the number of time steps (N) into a hexadecimal value.
The hexadecimal value must have 16 hexadecimal characters (= 8 bytes).
If not, prepend with 0s.

Convert the hexadecimal value into an 8-byte array and assign this value to variable m (= message).

Convert the shared secret key into a 20-byte array and assign this value to variable K.
The shared secret key is a randomly generated 20-byte number which is base-32 encoded.
For readability this key is divided into groups of 4 characters, all in lower case.
More information about base-32, see Blockchain tutorial 31:
https://youtu.be/Va8FLD-iuTg

Calculate the HMAC hash over message m with key K using the HMAC-SHA1 algorithm.

More information about HMAC, see Blockchain tutorial 30:
https://youtu.be/emBgrRIyyWQ

This HMAC hash size is 160 bits (= 20 bytes).

Get the last 4 bits of this hash value (the low nibble of the last byte) and take its integer value.
In this example, the last 4 bits are 0xA, which represents the integer 10.

This integer is called the offset.
Starting from the offset, get 4 consecutive bytes from the HMAC hash.
Apply the bit operations defined in RFC 4226 to these bytes (the most significant bit of the first byte is masked off) and concatenate them into one binary value.
Convert this binary value to an integer.

Calculate the Token = integer value % 10^n
where n is the token size (number of digits).
If the resulting number has fewer than n digits, prefix with 0s.

Every 30 seconds a new token is generated.
But a token remains valid for 60 seconds.
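The steps above carried through in Python, as an added example that is not the tutorial's own code or the RFC reference implementation. It uses only the standard library, follows RFC 4226/6238 (HMAC-SHA1, 30-second step, dynamic truncation), and the verify helper accepts the current and the previous time step, matching the 60-second validity described above; the secret used in the comments is the RFC 4226/6238 test key, not a real one.

```python
import base64
import hashlib
import hmac
import struct
import time


def time_steps(tunix: int, ts: int = 30) -> int:
    """N = floor(Tunix / ts): number of time steps elapsed since the Unix epoch."""
    return tunix // ts


def counter_bytes(n: int) -> bytes:
    """Message m: N as an 8-byte big-endian array (16 zero-padded hex characters)."""
    return struct.pack(">Q", n)


def decode_secret(secret_b32: str) -> bytes:
    """Key K: the base-32 shared secret (spaces and lower case allowed) as raw bytes."""
    s = secret_b32.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)  # restore any base-32 padding dropped for readability
    return base64.b32decode(s)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1, dynamic truncation, then modulo 10^digits."""
    mac = hmac.new(key, counter_bytes(counter), hashlib.sha1).digest()  # 20 bytes
    offset = mac[-1] & 0x0F                   # last 4 bits of the hash = offset
    chunk = mac[offset:offset + 4]            # 4 bytes starting at the offset
    code = ((chunk[0] & 0x7F) << 24) | (chunk[1] << 16) | (chunk[2] << 8) | chunk[3]
    return str(code % 10 ** digits).zfill(digits)  # prefix with 0s if too short


def totp(secret_b32: str, tunix: int, ts: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the time-step counter N."""
    return hotp(decode_secret(secret_b32), time_steps(tunix, ts), digits)


def current_token(secret_b32: str) -> str:
    """Token for the current UTC time, as an authenticator app would show it."""
    return totp(secret_b32, int(time.time()))


def verify(secret_b32: str, token: str, tunix: int, ts: int = 30, digits: int = 6) -> bool:
    """Server-side check: accept the current step and the previous one (60 s window)."""
    key = decode_secret(secret_b32)
    n = time_steps(tunix, ts)
    return any(hmac.compare_digest(hotp(key, n - d, digits), token) for d in (0, 1))
```

With the RFC test key "12345678901234567890" (base-32 GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ) and Tunix = 59 the 8-digit token is 94287082, the value listed in RFC 6238.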

An online Time-based One-time Password generator can be found at:
https://www.mobilefish.com/services/cryptocurrency/totp.html
WARNING: DO NOT USE THIS TOOL TO GENERATE YOUR TOKENS. IT IS ONLY INTENDED FOR EDUCATIONAL, TEST OR DEMONSTRATION PURPOSES.

Check out all my other IOTA tutorial videos:
https://www.youtube.com/playlist?list=PLmL13yqb6OxdIf6CQMHf7hUcDZBbxHyza

Subscribe to my YouTube channel:
https://www.youtube.com/channel/UCG5_CT_KjexxjbgNE4lVGkg?sub_confirmation=1

The presentation used in this video tutorial can be found at:
https://www.mobilefish.com/developer/iota/iota_quickguide_tutorial.html
