erikreedstrom/pot

POT is an Erlang library for generating one time passwords compatible with Google Authenticator

POT

Introduction

POT is an Erlang library for generating one time passwords. It supports both HMAC-based one time passwords (HOTP) and time based ones (TOTP). The generated passwords are compatible with Google Authenticator.

POT is an almost direct translation of the Python OneTimePass library.

POT should work with any recent version of Erlang/OTP, Elixir and other Erlang VM based languages.

In order to learn more about one time password generation, see the following Wikipedia articles:

• Google Authenticator
• HMAC-based One-time Password Algorithm
• Time-based One-time Password Algorithm

TODO

• Documentation.

News

• 2015/01/20
  • Embedded base32_erlang library
• 2015/01/18
  • Initial version

Usage (Erlang)

POT uses rebar v2 for managing dependencies and building the library.

Include POT in your rebar.config:

{deps, [
    {pot, ".*", {git, "https://github.com/yuce/pot.git", "master"}}]}.

POT works with binary tokens and secrets.

Create a time based token

Secret = <<"MFRGGZDFMZTWQ2LK">>,
Token = pot:totp(Secret),
% Do something with the token

Create an HMAC based token

Secret = <<"MFRGGZDFMZTWQ2LK">>,
CurrentTrial = 3,
Token = pot:hotp(Secret, CurrentTrial),
% Do something with the token

Check some time based token

Secret = <<"MFRGGZDFMZTWQ2LK">>,
Token = <<"123456">>,
IsValid = pot:valid_totp(Token, Secret),
% Do something

Check some HMAC based token

Secret = <<"MFRGGZDFMZTWQ2LK">>,
Token = <<"123456">>,
LastUsed = 5,  % last successful trial
IsValid = pot:valid_hotp(Token, Secret, [{last, LastUsed}]),
% Do something

Usage (Elixir)

Include POT in your mix.exs as a dependency:

defp deps do
  [{:pot, git: "https://github.com/yuce/pot.git"}]
end

Create a time based token

secret = "MFRGGZDFMZTWQ2LK"
token = :pot.totp(secret)
# Do something with the token

Create an HMAC based token

secret = "MFRGGZDFMZTWQ2LK"
current_trial = 3
token = :pot.hotp(secret, current_trial)
# Do something with the token

Check some time based token

secret = "MFRGGZDFMZTWQ2LK"
token = "123456"
is_valid = :pot.valid_totp(token, secret)
# Do something

Check some HMAC based token

secret = "MFRGGZDFMZTWQ2LK"
token = "123456"
last_used = 5  # last successful trial
is_valid = :pot.valid_hotp(token, secret, [{:last, last_used}])
# Do something

Credits

• Yuce Tekol
• Tomasz Jaskowski: OneTimePass Python library
• Andrew Tunnell-Jones: base32_erlang library