Time-based One Time Password Algorithm

Follow the algorithm

As implemented in the Google Authenticator app, you’ll need:

  • A shared secret key K, which is base32 encoded
  • A specific time T, in seconds since the UNIX epoch

I’ll use K = GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ and T = 1450235092 (which is Wed, 16 Dec 2015 11:04:52 CST) as an example. In the Google Authenticator app, both K and T are passed to TOTP as hexadecimal values (or byte arrays).

Since K is a base32-encoded string, we’ll decode it to bytes. Because the password changes every 30 seconds, T is divided by 30, truncated to an integer, converted to hexadecimal and padded to 16 hexadecimal digits.
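The preparation steps above, carried through to a full code and a server-side check, as an added example that is not code from the original post. The HMAC-SHA1 and dynamic-truncation steps follow RFC 6238 / RFC 4226 and go beyond what this excerpt describes; the function names, the 6-digit default and the one-step drift window are assumptions.

```python
import base64
import hashlib
import hmac
import struct

# Values taken from the text above.
K = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
T = 1450235092
STEP = 30  # seconds each password stays valid


def decode_key(k_b32: str) -> bytes:
    """Base32-decode K, tolerating spaces, lowercase and missing padding."""
    cleaned = k_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def counter_hex(t: int, step: int = STEP) -> str:
    """T divided by the step, truncated, padded to 16 hexadecimal digits."""
    return format(t // step, "016x")


def totp(k_b32: str, t: int, digits: int = 6, step: int = STEP) -> str:
    """HMAC-SHA1 over the 8-byte counter, then RFC 4226 dynamic truncation."""
    msg = bytes.fromhex(counter_hex(t, step))
    mac = hmac.new(decode_key(k_b32), msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(k_b32: str, candidate: str, t: int,
           digits: int = 6, window: int = 1) -> bool:
    """Accept a code from +/- `window` steps of clock drift.

    Every step is compared in constant time and the loop never exits early,
    so timing does not reveal which step (if any) matched.
    """
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(k_b32, t + drift * STEP, digits)
        ok |= hmac.compare_digest(expected, candidate)
    return ok


if __name__ == "__main__":
    print(decode_key(K), counter_hex(T), totp(K, T))
```

A wider `window` tolerates more clock skew but also lengthens the time a captured code remains usable, so a verifier should keep it small and reject a code that has already been accepted once.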
