Tcl Library Source Code
otp - RFC 2289 A One-Time Password System
Not logged in
Bounty program for improvements to Tcl and certain Tcl packages.

[ Main Table Of Contents | Table Of Contents | Keyword Index | Categories | Modules | Applications ]

otp(n) 1.0.0 tcllib "RFC 2289 A One-Time Password System"


otp - One-Time Passwords


This package is an implementation in Tcl of the One-Time Password system as described in RFC 2289 (1). This system uses message-digest algorithms to sequentially hash a passphrase to create single-use passwords. The resulting data is then provided to the user as either hexadecimal digits or encoded using a dictionary of 2048 words. This system is used by OpenBSD for secure login and can be used as a SASL mechanism for authenticating users.

In this implementation we provide support for four algorithms that are included in the tcllib distribution: MD5 (2), MD4 (3), RIPE-MD160 (4) and SHA-1 (5).


% otp::otp-md5 -count 99 -seed host67821 "My Secret Pass Phrase"
(binary gibberish)
% otp::otp-md5 -words -count 99 -seed host67821 "My Secret Pass Phrase"
% otp::otp-md5 -hex -count 99 -seed host67821 "My Secret Pass Phrase"


  1. Haller, N. et al., "A One-Time Password System", RFC 2289, February 1998.

  2. Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, MIT and RSA Data Security, Inc, April 1992. (

  3. Rivest, R., "The MD4 Message Digest Algorithm", RFC 1320, MIT, April 1992. (

  4. H. Dobbertin, A. Bosselaers, B. Preneel, "RIPEMD-160, a strengthened version of RIPEMD"

  5. "Secure Hash Standard", National Institute of Standards and Technology, U.S. Department Of Commerce, April 1995. (

Bugs, Ideas, Feedback

This document, and the package it describes, will undoubtedly contain bugs and other problems. Please report such in the category otp of the Tcllib Trackers. Please also report any ideas for enhancements you may have for either package and/or documentation.


Hashes, checksums, and encryption