blob: d84f5bdfd9314d3a9e36ad77db0706652c01164d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
.. hazmat::
HMAC-Based One-Time Password Algorithm
======================================
.. currentmodule:: cryptography.hazmat.oath.hotp
This module contains functions for generating and verifying one time password
values based on Hash-based message authentication codes (HMAC).
.. class:: HOTP(secret, length, backend)
HOTP objects take a ``secret`` and ``length`` parameter. The ``secret``
should be randomly generated bytes and is recommended to be 160 bits in
length. The ``length`` parameter controls the length of the generated
one time password and is recommended to be at least a 6 digit value.
This is an implementation of :rfc:`4226`.
.. doctest::
>>> from cryptography.hazmat.backends import default_backend
>>> from cryptography.hazmat.oath.hotp import HOTP
>>> hotp = HOTP(secret, 6, backend=default_backend)
>>> hotp.generate(0)
958695
>>> hotp.verify("958695", 0)
True
:param secret: Secret key as ``bytes``.
:param length: Length of generated one time password as ``int``.
:param backend: A
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
provider.
.. method:: generate(counter)
:param counter: The counter value used to generate the one time password.
:return: A one time password value.
.. method:: verify(hotp, counter)
:param hotp: The one time password value to validate.
:param counter: The counter value to validate against.
:return: ``True`` if the one time password value is valid. ``False`` if otherwise.
|