HOTP / TOTP with mod_authn_otp

Hi all,

I’m trying to get HOTP / TOTP based authentication working with nitrokey and Apache with mod_authn_otp (github.com/archiecobbs/mod-authn-otp). So far I managed to get TOTP working without problems.

However, I can’t get HOTP to work, because client and server generate different OTPs for some reason. For example, starting with a counter value of 3 the nitrokey-app generates the following OTPs:

63263293
90983080
17595497

The server, however, generates these OTPs:

# otptool -c 3 -d 8 <key>
3: 36277457 73693fd1
# otptool -c 4 -d 8 <key>
4: 14992081 4e612fd1
# otptool -c 5 -d 8 <key>
5: 33049933 2bb1744d

In nitrokey-app I used HOTP slot 1, generated a secret, and copied that to Apache’s otp.users file. The only other option I set was HOTP length 8 digits.

Same key, same counter value, yet the OTPs are totally different. Looks to me like a differing hash function issue. But I can’t find information on what hash functions nitrokey or mod_authn_otp use / can be configured to use.

Any ideas / pointers?

Regards

Hi! You may want to try to use mod_authn_otp with another OTP client such as Google Authenticator first. If that works, it should work with Nitrokey too.

We’ve already done that. It is working with Yubikey using HOTP, it’s working with Google Authenticator using TOTP, and, funny thing, it is also working with Nitrokey using TOTP. But I cannot get Nitrokey HOTP to work …

I have confirmed that nitrokey-app generates wrong HMAC OTPs. I have tested several different keys and used both otptool (github.com/archiecobbs/mod-authn-otp) and the reference Java implementation from RFC 4226 (ietf.org/rfc/rfc4226.txt) as verification. Nitrokey-app always produces different HOTPs than the mentioned reference tools. This applies to both HOTP 8 and HOTP 6.

As an example take secret key (HEX) 20d1aa2a94be897d85690b72c66291c9e3cdeec5 and HOTP length 8. Here are the first 10 HOTPs generated by otptool and OneTimePasswordAlgorithm:

# for i in {0..9}; do otptool -c $i -d 8 20d1aa2a94be897d85690b72c66291c9e3cdeec5; done;
0: 48674481 4a6d42b1
1: 07772215 7da20d37
2: 22166006 7e7daef6
3: 55914370 50d19c82
4: 34775174 7f3e1586
5: 14598777 12c06579
6: 93661595 29586f9b
7: 13748460 06c7a9ec
8: 34344966 6d55e206
9: 88758655 5eb2887f

# for i in {0..9}; do java OneTimePasswordAlgorithm $i 8 20d1aa2a94be897d85690b72c66291c9e3cdeec5; done;
0: 48674481
1: 07772215
2: 22166006
3: 55914370
4: 34775174
5: 14598777
6: 93661595
7: 13748460
8: 34344966
9: 88758655

As you can see, the two tools generate the same OTPs. It is expected that nitrokey-app generates the same OTPs in the exact same order. However, programming the nitrokey with above secret key produces the following first 10 OTPs:

0: 51431335
1: 06218238
2: 76227947
3: 24637171
4: 38141807
5: 48147114
6: 64237671
7: 27277493
8: 90094019
9: 47840440

These are completely different and wrong. I don’t know what exactly is happening (key programming wrong? HMAC implementation wrong? …), but anyway, the OTPs output by nitrokey-app are wrong. Whatever the reason, this should be fixed asap.

Software Versions:
4.2.0-27-generic #32-Ubuntu SMP x86_64
nitrokey-app version 0.2 (nitrokey-app-0.2-Ubuntu.deb)
Nitrokey Pro firmware version 0.7

Regards

This issue has been solved in Nitrokey App several months ago.