在闲暇时间做了一个TOTP相关的开源项目,在项目初步完成之余,我尝试对[RFC6238]文档进行了翻译,供大家参考与查阅,若有不妥之处,还望各位前辈海涵斧正。[RFC6238] : Time-Based One-Time Password Algorithm文章概要这篇文档主要讲述了关于一次性密码(OTP)的一个扩展算法,此算法是在,RFC4226文档中定义的’基于HMAC的一次性密码算法’基础之上,支持了基于时间移动因子的扩展算法。This document describes an extension of the One-Time Password (OTP) algorithm, namely the HMAC-based One-Time Password (HOTP) algorithm, as defined in RFC 4226, to support the time-based moving factor.HOTP算法是一个以事件计数器作为移动因子,基于事件的一次性密码算法。The HOTP algorithm specifies an event-based OTP algorithm, where the moving factor is an event counter.本文所讲述的算法则是将时间值作为移动因子。The present work bases the moving factor on a time value. 这个基于时间的一次性密码生成算法提供了有效时间更短的一次性密码,增强了OTP算法的安全性。 A time-based variant of the OTP algorithm provides short-lived OTP values, which are desirable for enhanced security.此算法可以广泛的应用于互联网应用之中,包括远程虚拟专用网络(VPN)的访问控制,Wi-Fi网络登录以及面向交易的网络应用等等。The proposed algorithm can be used across a wide range of network applications, from remote Virtual Private Network (VPN) access and Wi-Fi network logon to transaction-oriented Web applications. 作者相信通过商用和开源的算法实现,一个通用的共享算法将会促进互联网上更多的人接触并使用到双因素身份认证算法。The authors believe that a common and shared algorithm will facilitate adoption of two-factor authentication on the Internet by enabling interoperability across commercial and open-source implementations.