4 releases

Uses old Rust 2015

0.1.4 Sep 11, 2019
0.1.3 Sep 22, 2018
0.1.2 Dec 28, 2017
0.1.1 Dec 26, 2017
0.1.0 Dec 26, 2017

#37 in #otp

GPL-3.0 license

327 lines

Build Status

libotp implements RFC4226 and RFC6238. These RFCs are implemented by Google's Google Authenticator.

OTP can increases the security for various things, such as web services, servers and even private computers.

How OTP works

A secret is shared between the client and a device. Passwords are generated based on the shared secret.

It is possible to work in two modes:

  1. Counter based - The OTP is generated with a counter that is increased on each successful attempt.
  2. Time based - The OTP is generated based on time. Codes are valid for a pre-configured amount of time.


  • HTOP - HMAC One-Time-Password generation (RFC4226).
    • Configurable HMAC - SHA1, SHA256 or SHA512.
  • TOTP - Time based One-Time-Password generation (RFC6238).
    • Configurable time step, RFC recommended is 30 seconds.
    • Configurable T0 (start time).


~200K SLoC