one_time_pass_ecto v1.1.1 OneTimePassEcto.Base View Source
Generate and verify HOTP and TOTP one-time passwords.
Module to generate and check HMAC-based one-time passwords and time-based one-time passwords, in accordance with RFC 4226 and RFC 6238.
Two factor authentication
These one-time passwords are often used together with regular passwords to provide two factor authentication (2FA), which forms a layered approach to user authentication. The advantage of 2FA over just using passwords is that an attacker would face an additional challenge to being authorized.
Link to this section Summary
Functions
Verify a HMAC-based one-time password
Verify a time-based one-time password
Generate a HMAC-based one-time password
Generate a secret key to be used with one-time passwords
Generate a time-based one-time password
Check the one-time password is valid
Link to this section Functions
check_hotp(token, secret, opts \\ []) View Source
Verify a HMAC-based one-time password.
There are three options:
:token_length
- the length of the one-time password- the default is 6
:last
- the count when the one-time password was last used- this count needs to be stored server-side
:window
- the number of future attempts allowed- the default is 3
check_totp(token, secret, opts \\ []) View Source
Verify a time-based one-time password.
There are three options:
:token_length
- the length of the one-time password- the default is 6
:interval_length
- the length of each timed interval- the default is 30 (seconds)
:window
- the number of attempts, before and after the current one, allowed- the default is 1 (1 interval before and 1 interval after)
- you might need to increase this window to allow for clock skew on the server
gen_hotp(secret, count, opts \\ []) View Source
Generate a HMAC-based one-time password.
Note that the count
(2nd argument) should be a positive integer.
There is one option:
:token_length
- the length of the one-time password- the default is 6
gen_secret(secret_length \\ 16) View Source
Generate a secret key to be used with one-time passwords.
By default, this function creates a 16 character base32 (80-bit) string, which is compatible with Google Authenticator.
It is also possible to generate 26 character (128-bit) and 32 character (160-bit) secret keys.
RFC 4226 secret key length recommendations
According to RFC 4226, the secret key length must be at least 128 bits long, and the recommended length is 160 bits.
gen_totp(secret, opts \\ []) View Source
Generate a time-based one-time password.
There are two options:
:token_length
- the length of the one-time password- the default is 6
:interval_length
- the length of each timed interval- the default is 30 (seconds)
valid_token(token, token_length) View Source
Check the one-time password is valid.
The one-time password should be at least 6 characters long, and it should be a string which only contains numeric values.