3. Algorithm Requirements
This section summarizes the requirements taken into account for designing the TOTP algorithm.
R1: The prover (e.g., token, soft token) and verifier (authentication or validation server) MUST know or be able to derive the current Unix time (i.e., the number of seconds elapsed since midnight UTC of January 1, 1970) for OTP generation. See [UT] for a more detailed definition of the commonly known "Unix time". The precision of the time used by the prover affects how often the clock synchronization should be done; see Section 6.
R2: The prover and verifier MUST either share the same secret or the knowledge of a secret transformation to generate a shared secret.
R3: The algorithm MUST use HOTP [RFC4226] as a key building block.
R4: The prover and verifier MUST use the same time-step value X.
R5: There MUST be a unique secret (key) for each prover.
R6: The keys SHOULD be randomly generated or derived using key derivation algorithms.
R7: The keys MAY be stored in a tamper-resistant device and SHOULD be protected against unauthorized access and usage.
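The following is an added worked example, not part of the RFC text, showing how R1 through R6 fit together in practice: the prover and verifier share a key (R2, R5), derive the time-step counter from Unix time and a common step X (R1, R4), and feed that counter into HOTP (R3). The key-generation helper uses the operating system's CSPRNG as R6 recommends. The verifier accepts a small window of adjacent time steps to tolerate the clock drift discussed under R1 and uses a constant-time comparison; the window size, the function names, and the 30-second default step are assumptions made for this example. The test vectors embedded below are the published ones from RFC 4226 Appendix D and RFC 6238 Appendix B (HMAC-SHA1, seed "12345678901234567890").

```python
import hashlib
import hmac
import secrets
import struct


def hotp(key: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """HOTP per RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    if counter < 0:
        raise ValueError("counter must be non-negative")
    mac = hmac.new(key, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                       # low nibble of last byte selects the 4-byte window
    binary = ((mac[offset] & 0x7F) << 24          # mask the sign bit so the value is a positive 31-bit int
              | mac[offset + 1] << 16
              | mac[offset + 2] << 8
              | mac[offset + 3])
    return str(binary % 10 ** digits).zfill(digits)


def time_step(unix_time: int, step: int = 30, t0: int = 0) -> int:
    """T = floor((current Unix time - T0) / X); step X and T0 must match on both sides (R4)."""
    return (unix_time - t0) // step


def totp(key: bytes, unix_time: int, step: int = 30, t0: int = 0,
         digits: int = 6, digestmod=hashlib.sha1) -> str:
    """TOTP = HOTP(K, T): the time-step counter replaces HOTP's event counter (R3)."""
    return hotp(key, time_step(unix_time, step, t0), digits, digestmod)


def verify_totp(key: bytes, candidate: str, unix_time: int, step: int = 30, t0: int = 0,
                digits: int = 6, digestmod=hashlib.sha1, window: int = 1) -> bool:
    """Verifier side. Accepts the current step plus up to `window` steps on either side
    (an assumed drift allowance, see Section 6 of the RFC) and compares in constant time."""
    current = time_step(unix_time, step, t0)
    accepted = False
    for delta in range(-window, window + 1):
        t = current + delta
        if t < 0:
            continue
        expected = hotp(key, t, digits, digestmod)
        # No early return: every candidate step costs the same, and compare_digest avoids timing leaks.
        accepted |= hmac.compare_digest(expected, candidate)
    return accepted


def generate_key(nbytes: int = 20) -> bytes:
    """R6: keys are generated from a cryptographically secure random source (20 bytes for SHA-1)."""
    return secrets.token_bytes(nbytes)


# Published test vectors (RFC 4226 Appendix D / RFC 6238 Appendix B), HMAC-SHA1, seed "12345678901234567890".
RFC_SEED = b"12345678901234567890"
RFC4226_HOTP_VECTORS = {0: "755224", 1: "287082", 2: "359152", 3: "969429", 4: "338314"}
RFC6238_TOTP_VECTORS = {59: "94287082", 1111111109: "07081804", 1111111111: "14050471",
                        1234567890: "89005924", 2000000000: "69279037", 20000000000: "65353130"}


def check_vectors() -> bool:
    """Returns True when every published vector reproduces; useful as a self-test of the building blocks."""
    hotp_ok = all(hotp(RFC_SEED, c) == v for c, v in RFC4226_HOTP_VECTORS.items())
    totp_ok = all(totp(RFC_SEED, t, digits=8) == v for t, v in RFC6238_TOTP_VECTORS.items())
    return hotp_ok and totp_ok


if __name__ == "__main__":
    print("vectors reproduce:", check_vectors())
    k = generate_key()
    now = 1234567890  # constructed timestamp so the run is deterministic
    code = totp(k, now)
    print("prover code:", code, "verifier accepts:", verify_totp(k, code, now + 20))
```

Because the counter passed to HOTP is the time step rather than an event count, the prover and verifier need no synchronised counter state, only agreement on the key, X and T0; the window parameter is the knob that trades clock-drift tolerance against the number of codes accepted at any instant.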