RFC Errata
RFC 4226, "HOTP: An HMAC-Based One-Time Password Algorithm", December 2005
Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
See Also: RFC 4226 w/ inline errata
Errata ID: 4994
Status: Verified
Type: Technical
Publication Format(s): TEXT
Reported By: Mathias Tausig
Date Reported: 2017-04-14
Verifier Name: Paul Wouters
Date Verified: 2023-08-03
Section 7.2 says:
The HOTP client (hardware or software token) increments its counter and then calculates the next HOTP value HOTP client. If the value received by the authentication server matches the value calculated by the client, then the HOTP value is validated. In this case, the server increments the counter value by one. If the value received by the server does not match the value calculated by the client, the server initiate the resynch protocol (look-ahead window) before it requests another pass.
It should say:
The HOTP client (hardware or software token) increments its counter and then calculates the next HOTP value HOTP client. If the value received by the authentication server matches the value calculated by the server, then the HOTP value is validated. In this case, the server increments the counter value by one. If the value received by the server does not match the value calculated by the server, the server initiate the resynch protocol (look-ahead window) before it requests another pass.
Notes:
The OTP value received by the server is the one calculated by the client.
AD Note: this text still has the stray "HOTP client" string that errata eid 5723 reported.