What is an OTP number in a login authentication system? Is there any specific algorithm for generating OTP numbers using java (android). Or is an OTP something like random number? How can this be achieved, with optimization.
How to generate OTP Number with 6 digits
94.6k views Asked by Android Developer At
11
There are 11 answers
0
On
As stated in other answers, the rules on how to generate TOTP (RFC 6238) and HOTP (RFC 4226) codes are defined in RFC's. However if you don't want to implement them manually. You could always use a library.
For example, I created a library for creating one-time passwords: OTP-Java
Or you also look through the code on how the codes are generated if you prefer to implement it yourself.
1
On
protected void onCreate(Bundle savedInstanceState)
{
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
Random otp =new Random();
StringBuilder builder=new StringBuilder();
for(int count=0; count<=10;count++) {
builder.append(otp.nextInt(10));
}
Log.d("Number", " " + builder.toString());
TextView txt = (TextView) findViewById(R.id.txt);
txt.setText(builder.toString());
}
0
On
I have the same difficulty to find simple rule about it.
There are a lot of content explaining about OTP like "Time Synchronized" etc..., however I was looking for a simple solution while keeping the system's security.
In my case I keep the 2FA (Two Factor Authentication), that already gives a lot of security.
A relevant info about JAVA for random generator (see: SecureRandom) Important if you want a unique number generation, avoiding repeats.
Examples:
https://www.securecoding.cert.org/confluence/display/java/MSC02-J.+Generate+strong+random+numbers
Details about it: http://resources.infosecinstitute.com/random-number-generation-java/
Based on examples above I implemented the following snippet:
public class SimpleOTPGenerator {
protected SimpleOTPGenerator() {
}
public static String random(int size) {
StringBuilder generatedToken = new StringBuilder();
try {
SecureRandom number = SecureRandom.getInstance("SHA1PRNG");
// Generate 20 integers 0..20
for (int i = 0; i < size; i++) {
generatedToken.append(number.nextInt(9));
}
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return generatedToken.toString();
}
}
6
On
Please do not reinvent the wheel - especially in case of security and cryptography. You might end up in a really bad state.
Use algorithms, that the community agreed upon like the HOTP and TOTP algorithm specified by the Open Authentication Iniative. These algorithms are also used by the google authenticater and specified in these RFCs. Read them. They are simple.
0
On
First of all OTP stands for one time password it is used for the authentication and
verification this is code is for java implemented in netbeans IDE
You have to register on the msg91.com for the api genration and that gives free 250
msgs.
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Random;
import javax.swing.JOptionPane;
public class SMS {
String num,otp;
SMS(String mob)
{
num=mob;
}
static String otpGenerator()
{
String numbers = "0123456789";
String x="";
Random rndm_method = new Random();
char[] otp = new char[4];
for (int i = 0; i <4; i++)
{
otp[i]=numbers.charAt(rndm_method.nextInt(numbers.length()));
x=x+otp[i];
}
return x;
}//this is the function for the random number generator for otp
public void sms(String otp)
{
try {
String apiKey = "api key on msg91.com";
String message = otp;
String sender = "TESTIN";
String numbers = num;
String a="http://api.msg91.com/api/sendhttp.php?
country=91&sender="+ sender +"&route=4&mobiles=" + numbers +"&authkey=api
key on msg91.com&message="+message+" ";
//System.out.println(a);
// Send data
HttpURLConnection conn = (HttpURLConnection) new URL(a).openConnection();
String data = apiKey + numbers + message + sender;
conn.setDoOutput(true);
conn.setRequestMethod("POST");
conn.setRequestProperty("Content-Length", Integer.toString(data.length()));
conn.getOutputStream().write(data.getBytes("UTF-8"));
final BufferedReader rd = new BufferedReader(new
InputStreamReader(conn.getInputStream()));
final StringBuffer stringBuffer = new StringBuffer();
String line;
while ((line = rd.readLine()) != null) {
//stringBuffer.append(line);
//JOptionPane.showMessageDialog(null, "message"+line);
System.out.println("OTP SENT !");
}
rd.close();
//return stringBuffer.toString();
} catch (Exception e) {
JOptionPane.showMessageDialog(null,e);
}
}
//now you have to call this function and send your number as the parameter
public Start() {
this.setUndecorated(true);
initComponents();
jPasswordField1.setBackground(new Color(0, 0, 0, 0));
jPasswordField1.setOpaque(false);
//jPasswordField1.setBorder(null);
this.setBounds(300, 200, 707, 390);
SMS otp=new SMS("your number");
x=otp.otpGenerator();
otp.sms(x);
}
0
On
Java 8 introduced SplittableRandom in it's java.util package. You can use it's nextInt(int origin, int bound) to get a random number between the specified bound.
StringBuilder generatedOTP = new StringBuilder();
SplittableRandom splittableRandom = new SplittableRandom();
for (int i = 0; i < lengthOfOTP; i++) {
int randomNumber = splittableRandom.nextInt(0, 9);
generatedOTP.append(randomNumber);
}
return generatedOTP.toString();
But I will recommend to use SecureRandom class. It provides a cryptographically strong random number and available in the package java.security.
StringBuilder generatedOTP = new StringBuilder();
SecureRandom secureRandom = new SecureRandom();
try {
secureRandom = SecureRandom.getInstance(secureRandom.getAlgorithm());
for (int i = 0; i < lengthOfOTP; i++) {
generatedOTP.append(secureRandom.nextInt(9));
}
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return generatedOTP.toString();
You may get more info from Java 8- OTP Generator
1
On
import java.util.*;
public class OTP2 {
static char[] OTP(int len) {
System.out.println("Generating OTP using random ()");
System.out.print("Your OTP is:");
// Using numeric values
String numbers = "0123456789";
// Using random method
Random rndm_method = new Random();
char[] otp = new char[len];
for(int i=0; i<len;i++) {
// use of charAt() method : to get character value
// use of nextInt() as it is scanning the value as int
otp[i] = numbers.charAt(rndm_method.nextInt(numbers.length()));
}
return otp;
}
public static void main(String args[]) {
int length = 6;
System.out.println(OTP(length));
}
}
Check google authenticator. : https://github.com/google/google-authenticator it is open source project with OTP functionality
Source code for android app https://code.google.com/p/google-authenticator/source/browse/?repo=android
Here is source code for server side https://github.com/chregu/GoogleAuthenticator.php
Wikipedia article http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm