RFC Errata
RFC 6238, "TOTP: Time-Based One-Time Password Algorithm", May 2011
Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
Errata ID: 7271
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Charly Coste
Date Reported: 2022-12-14
Section Appendix A says:
result = Integer.toString(otp);
while (result.length() < codeDigits) {
    result = "0" + result;
}
It should say:
result = Long.toString(10000000000L + otp);
result = result.substring(11 - codeDigits);
Notes:
The generation of an OTP should run in constant time to ensure that an attacker can't use an observable timing discrepancy to infer the value of any of the generated digits.
This proposed correction has been applied to the pyotp and rotp implementations in https://github.com/pyauth/pyotp/pull/148 and https://github.com/mdp/rotp/pull/119.
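As an added illustration (not the RFC's reference code and not the pyotp or rotp change), the published padding loop next to the proposed fixed-width formatting in Python, with the full HOTP/TOTP computation around them; the secret and expected values are the published RFC 4226 / RFC 6238 test vectors, and an exhaustive comparison confirms the two formatters emit identical strings. CPython string operations carry no constant-time guarantee, so the point shown is the structural change: the same work is done for every OTP value rather than a leading-zero-dependent number of iterations.

```python
import hmac
import struct

def hotp_int(secret: bytes, counter: int, algorithm: str = "sha1") -> int:
    """Dynamic truncation of RFC 4226 section 5.3: the 31-bit value taken
    from HMAC(secret, counter) before it is reduced to codeDigits digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    return ((mac[offset] & 0x7F) << 24
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])

def format_padded_loop(otp: int, code_digits: int) -> str:
    """Appendix A as published: the number of loop iterations (and string
    concatenations) equals the count of leading zeros in the OTP."""
    result = str(otp)
    while len(result) < code_digits:
        result = "0" + result
    return result

def format_fixed_width(otp: int, code_digits: int) -> str:
    """Proposed correction: 10^10 + otp always has exactly 11 digits because
    otp < 10^8, so the same-length substring is cut whatever the OTP value."""
    result = str(10_000_000_000 + otp)
    return result[11 - code_digits:]

def totp(secret: bytes, unix_time: int, code_digits: int = 6,
         time_step: int = 30, algorithm: str = "sha1") -> str:
    """RFC 6238 TOTP: HOTP over the time-step counter, fixed-width formatting."""
    otp = hotp_int(secret, unix_time // time_step, algorithm) % (10 ** code_digits)
    return format_fixed_width(otp, code_digits)

def formats_agree(code_digits: int) -> bool:
    """Exhaustively check that both formatters emit the same string for every
    OTP value of the given width, i.e. the change is purely a timing fix."""
    return all(format_padded_loop(v, code_digits) == format_fixed_width(v, code_digits)
               for v in range(10 ** code_digits))

if __name__ == "__main__":
    # Constructed demo using the published RFC 4226 / RFC 6238 test secret.
    secret = b"12345678901234567890"
    print(totp(secret, 59, code_digits=8))  # RFC 6238 Appendix B, SHA1: 94287082
    print(formats_agree(6))                  # True
```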