Skip to content

Improve README {add some basic detail of TOTP and why need of implementation } #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
shubham390 wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Improve README {add some basic detail of TOTP and why need of implementation } #1

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 27 additions & 1 deletion README
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,30 @@
JavaOTP is a basic and an Open Source implementation of TOTP algorithm RFC6238

**TOTP Explantion and need of implementation**
Explain-
{If your website features a username+password authentication system, you owe it
to your users to offer 2-factor authentication (or 2fa for short) as an additional
measure of protection for their accounts. If you're unfamiliar with 2fa, it's that
step in the login sequence that asks the user for a (typically) 6-digit numeric code
in order to complete user authentication. The 6 digit codes are either sent to the user's
phone as a text message upon a login attempt or generated by an app such as Google Authenticator.
Codes have a short validity period of typically 30 or 60 seconds. This will show you how
to implement such a system using java in a way that is compatible with Google Authenticator.}


Implementation-
{Your first idea for implementing the server side component of a 2fa system might be to randomly
generate 6 digit codes with short validity periods and send them to the user's phone in response
to a login attempt. One major shortcoming with this approach is that your implementation wouldn't
be compatible with 2fa apps such as Google Authenticator which many users will prefer to use.
In order to build a 2fa system that is compatible with Google Authenticator, we need to know what
algorithm it uses to generate codes. Fortunately, there is an RCF which precisely specifies the algorithm.
RFC 6238 describes the "time-based one-time password" algorithm, or TOTP for short. The TOTP algorithm combines
a one time password (or secret key) and the current time to generate codes that change as time marches forward.
RFC 6238 also includes a reference implementation in java under the commercial-friendly Simplified BSD license.
This tutorial will show you how to use code from the RFC to build a working 2fa system that could easily be adapted
into your java project.}

In order to use this project you will need Eclipse and JUnit

Dependencies
Expand All @@ -15,4 +41,4 @@ Jose Damico

Contact

Jose Ricardo de Oliveira Damico (jd.comment@gmail.com)
Jose Ricardo de Oliveira Damico (jd.comment@gmail.com)