List of compatible tokens

In theory, all tokens conforming to RFC 4226 or RFC 6238 should work. The following list contains all tokens I have personally tested and know to work.

I will gladly test any available tokens and add them to the list. If you're a developer or manufacturer of a hardware or software token and want your solution tested and published here, send me an e-mail at michal.valasek (at) altairis.cz.

Time-based tokens

| Platform | Type | Digits | Checksum | Time step | HMAC algorithm | Secret type | Secret length | Secret format | Source |
|---|---|---|---|---|---|---|---|---|---|
| Hardware | Feitian c200 H3 | 6 | none | 60 | HMACSHA1 | hardcoded | 160 bits | Base16 | Gooze |
| Hardware | Feitian c200 H17 | 6 | none | 60 | HMACSHA1 | hardcoded | 160 bits | Base16 | Gooze |
| Windows Phone 7 | Authenticator | 6 | none | 30 | HMACSHA1 | entered | any | Base32 | Marketplace |

Event-based tokens

| Platform | Type | Digits | Checksum | HMAC algorithm | Secret type | Secret length | Secret format | Source |
|---|---|---|---|---|---|---|---|---|
| Hardware | Feitian c100 | 6 | none | HMACSHA1 | hardcoded | 160 bits | Base16 | Gooze |

Notes

  • Platform is either "Hardware" for physical tokens or the name of the platform the software is running on.
  • Type is the token type or software name.
  • Digits is the number of digits, excluding the checksum (if present).
  • Checksum indicates whether the token includes a checksum digit in the password.
  • Time step (TOTP only) is the time interval (in seconds) after which a new password is generated.
  • HMAC algorithm is the name of the algorithm used.
  • Secret type can have three values:
    • hardcoded - the secret is hardcoded in the (most likely hardware) token and cannot be changed; you should receive it when buying the token.
    • entered - the secret must be entered into the software token by the user during activation.
    • generated - the secret is generated by the software token during activation and displayed to the user.
  • Secret length is the length of the secret in bits. Technically, the secret can be of any length.
  • Secret format is the format in which the secret is displayed/delivered or must be entered.
  • Source is where I got the token from, such as an e-shop, the manufacturer or a download location.

Please note that some tokens can be customized and can have different specifications per request. For example, it looks like Feitian tokens can have 6-8 digits and the time step can be either 30 or 60 seconds.
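The columns above map directly onto the parameters of an RFC 4226 / RFC 6238 verifier. The following is an added example, not code from this project: the function names and the one-step drift window are assumptions, the secret is the published RFC test secret, and the checksum digit is not implemented because every listed token has none.

```python
import base64
import hashlib
import hmac
import struct

# RFC 4226/6238 test secret (ASCII "12345678901234567890") in both listed formats.
RFC_SECRET_BASE16 = "3132333435363738393031323334353637383930"
RFC_SECRET_BASE32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def decode_secret(text, fmt):
    """Decode a secret given in the 'Secret format' column (Base16 or Base32)."""
    cleaned = text.replace(" ", "").replace("-", "").upper()
    if fmt == "Base16":
        return bytes.fromhex(cleaned)
    if fmt == "Base32":
        # Entered secrets often omit '=' padding; restore it before decoding.
        cleaned += "=" * (-len(cleaned) % 8)
        return base64.b32decode(cleaned)
    raise ValueError("unsupported secret format: " + fmt)

def hotp(secret, counter, digits=6):
    """Event-based password: HMAC-SHA1 of the counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)  # keep leading zeros

def totp(secret, unix_time, time_step=30, digits=6):
    """Time-based password: HOTP with counter = floor(unix_time / time_step)."""
    return hotp(secret, int(unix_time) // time_step, digits)

def verify_totp(secret, candidate, unix_time, time_step=30, digits=6, drift_steps=1):
    """Accept the current step and +/- drift_steps neighbours (clock drift)."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        t = int(unix_time) + delta * time_step
        if t < 0:
            continue
        # Constant-time comparison, and no early exit from the loop.
        ok |= hmac.compare_digest(totp(secret, t, time_step, digits), candidate)
    return ok

if __name__ == "__main__":
    key = decode_secret(RFC_SECRET_BASE16, "Base16")
    print("60 s step, 6 digits:", totp(key, 59, time_step=60))
    print("30 s step, 6 digits:", totp(key, 59, time_step=30))
```

A token with a 60-second step verified with a 30-second step (or the reverse) produces codes that never match, so the time step and digit count must be configured per token type.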

Last edited Jul 29, 2011 at 4:59 PM by altair, version 1
