About jsotp

jsotp is a JavaScript implementation of a one-time password generator/calculator for the OTP and S/Key systems. It supports MD4, MD5, and SHA-1 hashing methods, by way of code written by Paul Johnston. It also supports RIPEMD-160, through some code that I wrote. This calculator was inspired by Harry Mantakos's Java applet OTP calculator (available at his site). If there's already a Java applet version, then why a JavaScript version? Because in regard to web browsers, JavaScript is still by far the most universally available programming language (I was actually very surprised that I couldn't find an existing JavaScript-based calculator). Also, I've added some enhancements that make jsotp basically the only thing you need for generating OTP and S/Key passwords: it runs in most semi-modern web browsers, can generate passwords for all of the hash methods commonly supported, and can generate single passwords, as well as lists of passwords suitable for printing. Another benefit is that if you're using jsotp remotely, it's relatively easy for you to verify that the copy you're using doesn't do anything funny, since you can easily view the source from within your browser.

If you're so inclined, jsotp can also be used as a divination tool. Just type in your question as the seed, enter your current favorite not-too-big number, and flail on the keyboard for a bit. Finally, pick your lucky hashing method to see what fate has in store for you today. It usually doesn't make much sense, but then again, what in life does?

Feel free to examine the source and host a copy of your own for better security. If you intend for other people also to use your copy, however, please at least retain a link back to the jsotp site.

Questions, comments, bug reports, etc? Email me.

What are OTP and S/Key, and why use them?

OTP and S/Key are one-time password systems. Unsurprisingly, OTP also stands for "one-time password". In these systems, you generate a sequence of hashes by repeatedly applying a secure one-way hash on a random seed value prepended to your secret passphrase. Then you can use the hashes as one-time passwords, in backwards order; since the hashes are one-way, knowing a hash later in the sequence will not help you compute an earlier hash in a reasonable amount of time. Note that since the hashes are just random-looking 64-bit numbers, they are usually converted to a six-word format to make it easier for the user to keep track of what he's typing. Also, while OTP generators are required to show the words in all uppercase, the server should not care what case they are in, so feel free to type an OTP in all lowercase.

OTP is basically a somewhat updated (and mostly compatible) version of the S/Key system created at Bellcore (which also owns the trademark on the name S/Key). OTP is described in RFC 2289, and S/Key is described in RFC 1760. You can also find some additional documents related to OTP authentication here. OTP and S/Key have generally not been all that useful since the advent of SSH, but I think they remain useful in two situations:

The source

jsotp is normally stripped of comments and whatnot to make it a tiny bit faster to download. There are also versions that include only one particular hashing method (MD4, MD5, SHA-1, RIPEMD-160) that provide a more noticeable decrease in page size (these contain all code inline, so you can just save the page without copying any other source files). And while it's not all that interesting, you can find the version with comments retained as otp.js in this directory.


jsotp is available under a BSD-style license. The HTML scaffolding on this site also falls under the same license. As mentioned previously, feel free to mirror whatever pages you need on your own webspace for better security (and again, note that the single-hash versions contain all code inline, so you can just save the page directly).

Jeremy Lin, Dec. 2003, Mar. 2004.