#hotp #totp #otp


A Rust library for performing the HMAC-based One-Time Password (HOTP) and Time-based One-Time Password (TOTP) algorithms

2 stable releases

2.0.0 Dec 26, 2023
1.0.0 Dec 17, 2023

#422 in Authentication

Download history 14/week @ 2024-01-07 1/week @ 2024-01-14 13/week @ 2024-01-28 16/week @ 2024-02-04 69/week @ 2024-02-11 24/week @ 2024-02-18 40/week @ 2024-02-25 76/week @ 2024-03-03 39/week @ 2024-03-10 10/week @ 2024-03-17 15/week @ 2024-03-24 31/week @ 2024-03-31 12/week @ 2024-04-07 38/week @ 2024-04-14

97 downloads per month

MIT license

80 lines


Build Status

rust-otp is a Rust library for performing the HMAC-based One-time Passsword Algorithm as per RFC 4226 and the Time-based One-time Password Algorithm as per RFC 6238. These are also the algorithms many mobile-based 2FA apps, such as Google Authenticator and Authy, use to generate 2FA codes.


Just add the library as a dependency by adding the following section to your Cargo.toml file.


git = "https://github.com/WesleyBatista/rust-otp"


   // first argument is the secret, second argument is the counter
    println!("HOTP: {:?}", otp::make_hotp("base32secret3232".to_ascii_uppercase().as_str(), 0).unwrap());
    assert_eq!(otp::make_hotp(&"base32secret3232".to_ascii_uppercase(), 0).unwrap(), 260182);

    // first argument is the secret, followed by the time step in seconds (Google
    // Authenticator uses a time step of 30), and then the skew in seconds
    // (often used when calculating HOTPs for a sequence of consecutive
    // time intervals, to deal with potential latency and desynchronization).

    println!("TOTP: {:?}", otp::make_totp(&("base32secret3232".to_ascii_uppercase()), 30, 0).unwrap());
    // there is a non-zero possibility of this assertion failing
    assert_ne!(otp::make_totp(&"base32secret3232".to_ascii_uppercase(), 30, 0).unwrap(), 260182_u32);


rust-otp is licensed under the MIT license. The full license is included in this repository in LICENSE.md.


~283K SLoC