Your company here — click to reach over 10,000 unique daily visitors

otp - Man Page

One-Time Passwords


package require Tcl  8.2

package require otp  ?1.0.0?

::otp::otp-md4 ?-hex? ?-words? -seed seed -count count data

::otp::otp-md5 ?-hex? ?-words? -seed seed -count count data

::otp::otp-sha1 ?-hex? ?-words? -seed seed -count count data

::otp::otp-rmd160 ?-hex? ?-words? -seed seed -count count data


This package is an implementation in Tcl of the One-Time Password system as described in RFC 2289 (1). This system uses message-digest algorithms to sequentially hash a passphrase to create single-use passwords. The resulting data is then provided to the user as either hexadecimal digits or encoded using a dictionary of 2048 words. This system is used by OpenBSD for secure login and can be used as a SASL mechanism for authenticating users.

In this implementation we provide support for four algorithms that are included in the tcllib distribution: MD5 (2), MD4 (3), RIPE-MD160 (4) and SHA-1 (5).


::otp::otp-md4 ?-hex? ?-words? -seed seed -count count data

::otp::otp-md5 ?-hex? ?-words? -seed seed -count count data

::otp::otp-sha1 ?-hex? ?-words? -seed seed -count count data

::otp::otp-rmd160 ?-hex? ?-words? -seed seed -count count data


% otp::otp-md5 -count 99 -seed host67821 "My Secret Pass Phrase"
(binary gibberish)
% otp::otp-md5 -words -count 99 -seed host67821 "My Secret Pass Phrase"
% otp::otp-md5 -hex -count 99 -seed host67821 "My Secret Pass Phrase"



Haller, N. et al., "A One-Time Password System", RFC 2289, February 1998. http://www.rfc-editor.org/rfc/rfc2289.txt


Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, MIT and RSA Data Security, Inc, April 1992. (http://www.rfc-editor.org/rfc/rfc1321.txt)


Rivest, R., "The MD4 Message Digest Algorithm", RFC 1320, MIT, April 1992. (http://www.rfc-editor.org/rfc/rfc1320.txt)


H. Dobbertin, A. Bosselaers, B. Preneel, "RIPEMD-160, a strengthened version of RIPEMD" http://www.esat.kuleuven.ac.be/~cosicart/pdf/AB-9601/AB-9601.pdf


"Secure Hash Standard", National Institute of Standards and Technology, U.S. Department Of Commerce, April 1995. (http://www.itl.nist.gov/fipspubs/fip180-1.htm)

Bugs, Ideas, Feedback

This document, and the package it describes, will undoubtedly contain bugs and other problems. Please report such in the category otp of the Tcllib Trackers [http://core.tcl.tk/tcllib/reportlist]. Please also report any ideas for enhancements you may have for either package and/or documentation.

When proposing code changes, please provide unified diffs, i.e the output of diff -u.

Note further that attachments are strongly preferred over inlined patches. Attachments can be made by going to the Edit form of the ticket immediately after its creation, and then using the left-most button in the secondary navigation bar.

See Also

SASL, md4, md5, ripemd160, sha1


hashing, message-digest, password, rfc 2289, security


Hashes, checksums, and encryption


1.0.0 tcllib RFC 2289 A One-Time Password System