Use this if you need to generate one-time passwords using the Mobile-OTP / mOTP algorithm from the command line, without futzing around with your phone.
This is a self-proclaimed “standard” algorithm for one-time passwords. It is confusing, seemingly almost obsolete, and appears to mainly be used in German-speaking countries. You don't want to use this unless you are forced to interact with an existing system that uses such codes for 2FA.
Mobile apps that appear to support it:
- Swiss SafeLab OTP authenticator for iOS: on iTunes
- Swiss SafeLab OTP authenticator for Android: APK download
- Android app that supports this algorithm: DroidOTP on Google Play Store
The principle of the algorithm is explained badly and implemented confusingly, but it's very simple: you have a token secret (an ASCII string, usually hexadecimal or alphanumeric) and a PIN (an ASCII string, usually 4 digits), and these are converted to a 6-digit code using:
```
counter = ASCII((UNIX epoch time) / 10s)
digest = MD5HEX(counter || secret || pin)
code = LEFT(digest, 6 characters)
```
That's it. ¯\_(ツ)_/¯
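The formula above as a small generator plus a server-side verifier with a time-skew window, written as an added example (it is not the code of `motp.py`). The function names and the sample secret and PIN are constructed for illustration.

```python
import hashlib
import hmac
import time

PERIOD = 10  # seconds per counter step, as in the formula above
LENGTH = 6   # hex characters kept from the MD5 digest


def motp_counter(epoch, period=PERIOD):
    """Counter is the UNIX epoch time integer-divided by the period."""
    return int(epoch) // period


def motp_code(secret, pin, epoch, period=PERIOD, length=LENGTH):
    """LEFT(MD5HEX(ASCII(counter) || secret || pin), length)."""
    material = f"{motp_counter(epoch, period)}{secret}{pin}".encode("ascii")
    return hashlib.md5(material).hexdigest()[:length]


def motp_verify(candidate, secret, pin, epoch, window=1, period=PERIOD):
    """Accept a code from any counter within +/- window steps of `epoch`.

    Every step in the window is checked, and each comparison uses
    hmac.compare_digest rather than ==.
    """
    supplied = candidate.encode("utf-8")
    ok = False
    for step in range(-window, window + 1):
        expected = motp_code(secret, pin, epoch + step * period, period)
        ok |= hmac.compare_digest(supplied, expected.encode("ascii"))
    return ok


if __name__ == "__main__":
    # Constructed sample values, not from a real token.
    secret, pin = "0123456789abcdef", "1234"
    now = time.time()
    code = motp_code(secret, pin, now)
    print(code, motp_verify(code, secret, pin, now))
```

A verifying server has to hold both the secret and the PIN in recoverable form, since both feed the MD5 input, and the 6 hex characters carry only 24 bits.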
Requires Python 3.x.
```
$ ./motp.py SECRET PIN
a1b329
```
More verbosely:
```
$ ./motp.py -v SECRET PIN
Epoch time: 1549323786
Counter: 154932378
a1b329 (current)
```
All available options:
```
$ ./motp.py --help
usage: motp.py [-h] [-s SECONDS] [-l LENGTH] [-w WINDOW] [-v] secret pin

positional arguments:
  secret                mOTP secret value (often hex or alphanumeric digits)
  pin                   mOTP PIN value (usually 4 digits)

optional arguments:
  -h, --help            show this help message and exit
  -s SECONDS, --seconds SECONDS
                        Duration of mOTP codes in seconds (default 30 seconds)
  -l LENGTH, --length LENGTH
                        Length of mOTP output (default 6 characters)
  -w WINDOW, --window WINDOW
                        Number of counter values before and after current one
                        to show (for testing time-skew)
  -v, --verbose
```