Understanding OTP
A dynamic password (OTP, one-time password), also known as a one-time password, is a strong authentication technology in which the client and the server share a secret and use cryptographic techniques to authenticate. It is a very convenient way to strengthen today's static password authentication and is an important two-factor authentication technology. Dynamic password authentication consists of a client-side password generator, the dynamic token, which is a hardware device, and the back-end dynamic password authentication system that manages tokens and verifies passwords.
I. OTP history
The dynamic password (OTP) has a predecessor that shares its abbreviation but not its translation: the one-time pad (OTP, One-Time Pad), also called a cipher pad. It is an espionage technique from the military field: messages are encrypted and decrypted with a pre-agreed one-time pad, and the used portion of the pad is discarded and never reused, so every message is protected by a fresh key. If you have watched some domestic spy dramas, you may remember the Japanese spy nicknamed the "One-Armed Bandit" during the Japanese bombing of Chongqing in World War II; the telegrams he exchanged with the Japanese army used exactly this one-time pad technique, encoding the intelligence with the Nobel Prize-winning novel The Good Earth, and he was finally caught by Herbert Yardley, known as the father of American cryptography. The OTP dynamic password technology used today in strong authentication originates from the RSA SecurID product first developed by RSA in 1986; a dynamic password is not a one-time pad, but a dynamic one-time password technology. Internationally there are two mainstream OTP algorithms today: RSA SecurID and the OTP algorithm of the OATH organization. Within China there is a third, the national-standard (Guomi) OTP algorithm. RSA SecurID uses the AES symmetric algorithm, OATH uses the HMAC algorithm, and the national-standard algorithm uses SM1 (symmetric) and SM3 (hash).
II. OTP authentication principle and synchronization methods
The basic authentication principle of the dynamic password is that both parties share a key, also called the seed key, and both use this same seed key to run a cryptographic computation over an event counter, a time value, or an asynchronous challenge number; the algorithms used include symmetric ciphers, hashes and HMAC. Authentication then consists of comparing whether the two computed values match. Each dynamic password is used once and then invalidated; the password is usually 6 to 8 digits long, which is convenient to use and resembles ordinary static password authentication, so it integrates well with existing systems. OTP dynamic password technology is therefore very widely applied and can be used across many channels, such as web applications, mobile applications, telephone applications, and ATM self-service terminals.
There are three kinds of dynamic password synchronization mechanisms: time-based, event-based, and challenge-response. The time-based dynamic password is the most widely used, the application of challenge-response dynamic passwords is increasing gradually, and dynamic passwords are developing toward compound mechanisms that combine several synchronization types, such as time plus challenge-response.
The enhanced authentication technologies currently used in information systems include:
1. USB Key: applies for a PKI certificate.
2. Dynamic password card: a printed scratch card of passwords.
3. Dynamic SMS: the password is delivered over the telecom channel.
4. IC card / SIM card: holds built-in information tied to the user's identity.
5. Biometrics: uses a unique biological characteristic, such as a fingerprint, to verify identity.
6. Dynamic token: a dynamic password generator plus an authentication system.
Now implement the OTP dynamic password directly on the code:
import java.lang.reflect.UndeclaredThrowableException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class OTP {
    // 10^0 .. 10^8, indexed by the number of digits wanted in the OTP
    private static final int[] DIGITS_POWER =
            {1, 10, 100, 1000, 10000, 100000, 1000000, 10000000, 100000000};

    // Compute HMAC-SHA-1 of text under keyBytes
    public static byte[] hmacSha1(byte[] keyBytes, byte[] text)
            throws NoSuchAlgorithmException, InvalidKeyException {
        try {
            Mac hmacSha1;
            try {
                hmacSha1 = Mac.getInstance("HmacSHA1");
            } catch (NoSuchAlgorithmException nsae) {
                hmacSha1 = Mac.getInstance("HMAC-SHA-1");
            }
            SecretKeySpec macKey = new SecretKeySpec(keyBytes, "RAW");
            hmacSha1.init(macKey);
            return hmacSha1.doFinal(text);
        } catch (GeneralSecurityException gse) {
            throw new UndeclaredThrowableException(gse);
        }
    }

    // HOTP (RFC 4226): secret is the shared seed key, movingFactor the counter,
    // codeDigits the number of digits in the resulting password (1..8)
    public static String generateOTP(byte[] secret, long movingFactor, int codeDigits)
            throws NoSuchAlgorithmException, InvalidKeyException {
        StringBuffer result = new StringBuffer("");

        // Encode the 8-byte moving factor big-endian, one byte at a time
        byte[] text = new byte[8];
        for (int i = text.length - 1; i >= 0; i--) {
            text[i] = (byte) (movingFactor & 0xff);
            movingFactor >>= 8;
        }

        // Step 1: generate an HMAC-SHA-1 value
        byte[] hash = hmacSha1(secret, text);

        // Step 2: dynamic truncation; the low nibble of the last byte selects
        // a 4-byte window, and the top bit is masked off to stay positive
        int offset = hash[hash.length - 1] & 0xf;
        int binary = ((hash[offset] & 0x7f) << 24)
                | ((hash[offset + 1] & 0xff) << 16)
                | ((hash[offset + 2] & 0xff) << 8)
                | (hash[offset + 3] & 0xff);

        // Step 3: reduce modulo 10^codeDigits and left-pad with zeros
        int otp = binary % DIGITS_POWER[codeDigits];
        result.append(Integer.toString(otp));
        while (result.length() < codeDigits) {
            result.insert(0, "0");
        }
        return result.toString();
    }
}
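The following is an added example, not part of the original post, that shows the three synchronization mechanisms described above (event counter, time value, challenge number) built on the same HOTP core the Java code implements, plus the server-side checks the Java code leaves out: a look-ahead window to resynchronize a counter that has drifted, burning a counter after one use so the code cannot be replayed, and a constant-time comparison. The seed is the published RFC 4226 / RFC 6238 test secret so the outputs can be checked against the RFC tables; the HotpValidator class, verify_totp and challenge_otp are my own constructions and are not from the article.

```python
import hashlib
import hmac
import struct

# Shared seed key. This is the published RFC 4226 / RFC 6238 test secret,
# used here only so the outputs can be checked against the RFC tables.
SEED = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC over the 8-byte big-endian counter, dynamic truncation,
    then reduce modulo 10^digits and left-pad with zeros."""
    msg = struct.pack(">Q", counter)                       # moving factor as 8 bytes, big-endian
    mac = hmac.new(secret, msg, digestmod).digest()
    offset = mac[-1] & 0x0F                                # low nibble of last byte picks the window
    binary = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF  # keep 31 bits
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): the moving factor is the number of whole time steps since the epoch."""
    return hotp(secret, unix_time // step, digits)


def challenge_otp(secret: bytes, challenge: int, digits: int = 6) -> str:
    """Challenge-response flavour: the server's random challenge is the moving factor.
    Simplified illustration for this example (not the OATH OCRA suite)."""
    return hotp(secret, challenge, digits)


class HotpValidator:
    """Server side of event-based OTP (constructed for this example). Keeps the next
    expected counter so a code is invalidated after one use, and searches a small
    look-ahead window to resync a token whose counter has run ahead of the server."""

    def __init__(self, secret: bytes, counter: int = 0, look_ahead: int = 10, digits: int = 6):
        self.secret = secret
        self.counter = counter          # next counter value the server expects
        self.look_ahead = look_ahead
        self.digits = digits

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            # constant-time comparison so timing does not leak how many digits matched
            if hmac.compare_digest(hotp(self.secret, c, self.digits), code):
                self.counter = c + 1    # resync and burn counter c: the same code is not accepted again
                return True
        return False


def verify_totp(secret: bytes, code: str, unix_time: int, step: int = 30,
                window: int = 1, digits: int = 6) -> bool:
    """Server side of time-based OTP: accept the current step and +/- `window` steps of clock drift."""
    t = unix_time // step
    return any(hmac.compare_digest(hotp(secret, t + d, digits), code)
               for d in range(-window, window + 1))


if __name__ == "__main__":
    for c in range(3):
        print(f"HOTP counter={c}: {hotp(SEED, c)}")            # 755224, 287082, 359152
    print("TOTP at t=59, 8 digits:", totp(SEED, 59, digits=8))  # 94287082
    v = HotpValidator(SEED)
    print("first use:", v.verify(hotp(SEED, 0)))   # True
    print("replay   :", v.verify(hotp(SEED, 0)))   # False
```

The 6-digit HOTP values for counters 0 to 9 and the 8-digit TOTP values at the RFC 6238 sample times can be compared directly with the tables in those RFCs. Note that the look-ahead window is a trade-off: a larger window tolerates more missed presses on the token but gives a guesser more valid codes per attempt, so a production server also rate-limits failures and requires a separate resynchronization step once the window is exceeded.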
Test:
Copyright notice: This article is the blogger's original work and may not be reproduced without the blogger's permission. 77573008
OTP dynamic password: Java code implementation