# Module `Twostep.HOTP`

Module for the HOTP algorithm.

`val secret : ?bytes:int -> unit -> string`

Generates a valid Base-32 OTP secret. The secret is suitable for both the HOTP and TOTP algorithms, but do not share one secret between them; generate a separate secret for every kind of usage. The optional `bytes` parameter is the size of the underlying binary/blob string that the Base-32 secret encodes. This parameter must be at least `10` and *an integer divisible by 5*.

`val codes : ?digits:int -> ?hash:string -> ?amount:int -> counter:int -> secret:string -> unit -> string list`

Generates a sequence of HOTP tokens/codes with length `amount` (defaults to `1`), where every code string has the size of the optional parameter `digits` (defaults to `6`). The `secret` parameter must be a valid Base-32 string and `counter` is possibly retrieved from some storage. The default `hash` algorithm is `"SHA-1"`, but the hashes `"SHA-256"` and `"SHA-512"` also work.

`val verify : ?digits:int -> ?hash:string -> ?ahead:int -> counter:int -> secret:string -> codes:string list -> unit -> bool * int`

Operation to verify a sequence of codes with an optional look-`ahead` parameter (defaults to `0`; a constraint on how much the server's counter can differ from the client's counter, within which verification attempts to sync by incrementing the counter), the `digits` of every HOTP code string (defaults to `6`) and the underlying `hash` algorithm for the internal HMAC (defaults to `"SHA-1"`; the values `"SHA-256"` and `"SHA-512"` are also accepted). The `secret` parameter must be a valid Base-32 secret. The `counter` is a nonce persisted on storage for the given end-user. The non-empty list of `codes` provided by the client/end-user is a sequence generated with counters applied incrementally, one per code. Returns a pair of the verification status (`true` or `false`) and a resynchronized next counter to replace the current counter on storage. The counter is only updated if verification succeeds with `true`; otherwise the function returns the same counter it was given as input.
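The look-ahead and counter-replacement behaviour described above, as an added Python sketch of RFC 4226 HOTP; it is not the Twostep implementation. The function names, the `algo` parameter, and the rule that a match starting at counter `c` stores `c + len(codes)` are assumptions of this example, and the sample secret is the RFC 4226 test key encoded in Base-32.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: Base-32 of the RFC 4226 Appendix D test key
# b"12345678901234567890" (20 bytes, a multiple of 5, so no padding).
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
HASHES = {"SHA-1": hashlib.sha1, "SHA-256": hashlib.sha256, "SHA-512": hashlib.sha512}


def hotp(secret, counter, digits=6, algo="SHA-1"):
    """One RFC 4226 code: HMAC over the 8-byte counter, then dynamic truncation."""
    key = base64.b32decode(secret, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), HASHES[algo]).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def codes(secret, counter, amount=1, digits=6, algo="SHA-1"):
    """Codes for counter, counter + 1, ...: one counter step per code."""
    return [hotp(secret, counter + i, digits, algo) for i in range(amount)]


def verify(secret, counter, submitted, ahead=0, digits=6, algo="SHA-1"):
    """Return (ok, next_counter); the stored counter only moves on success.

    Assumption of this sketch: a match starting at counter c yields
    c + len(submitted), so every accepted code is unusable afterwards.
    """
    if not submitted:
        return False, counter
    for start in range(counter, counter + ahead + 1):
        expected = codes(secret, start, len(submitted), digits, algo)
        # Constant-time comparison of each code, no early exit within a window.
        matches = [hmac.compare_digest(e.encode(), s.encode())
                   for e, s in zip(expected, submitted)]
        if all(matches):
            return True, start + len(submitted)
    return False, counter
```

Whatever next counter a successful verification returns has to be written back to storage before the login is accepted; otherwise the same code verifies again.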