Not working HOTP with Nitrokey Pro - "BUG: nitrokey HOTP BROKEN"

[szszszsz]

source: https://www.nitrokey.com/forum/viewtopic.php?f=13&t=1612
von tzkn » 26. Februar 2016, 14:16

Hi all,

during tests I realized that HOTP with nitrokey and nitrokey-app does not work. Tracking down the issue I realized that nitrokey-app produces wrong HOTPs. This can easily be reproduced and verified.

From RFC 4226 https://tools.ietf.org/html/rfc4226 use the Secret = "3132333435363738393031323334353637383930". Program Nitrokey using nitrokey-app as follows:

Manage Slots
(*) HOTP
Slot: HOTP slot (any free) Name: rfc4226

Secret key
Input format: (*) Hex
Secret Key: 3132333435363738393031323334353637383930

Parameters
HOTP length: (*) 6 digits
Moving factor seed: 0

Save

Open any editor you like
Click nitrokey-app -> passwords -> rfc4226
Paste into editor
Repeat 9 times

According to RFC 4226 the HOTP values produced must be as follows (see page 31):

Code: Alles auswählen
Truncated
Count Hexadecimal Decimal HOTP
0 4c93cf18 1284755224 755224
1 41397eea 1094287082 287082
2 82fef30 137359152 359152
3 66ef7655 1726969429 969429
4 61c5938a 1640338314 338314
5 33c083d4 868254676 254676
6 7256c032 1918287922 287922
7 4e5b397 82162583 162583
8 2823443f 673399871 399871
9 2679dc69 645520489 520489

However, the HOTPs produced by Nitrokey are:

Code: Alles auswählen
Count HOTP
0 039329
1 710717
2 528155
3 980838
4 249088
5 354406
6 399156
7 478026
8 294892
9 941415

I have verified that behavior on two different Nitrokeys.

Ubuntu 15.10
Nitrokey App Version 0.2
Firmware Version 0.7

Please confirm and fix.

[szszszsz]

Issue is not occuring with Nitrokey Storage on ubuntu 14.10 with both binary package and latest commit compilation. It is occuring however with Nitrokey Pro as described in issue description. Working on solution.

[szszszsz]

ready to merge