DEV Community

Discussion on: OTP verification without any Database

Michael Kotzjan

Hello @infamousmrs,

@Anam explained his method using a hash algorithm but implemented it using a MAC, more specifically the HMAC algorithm. A hash would open his method to the attack suggested by you, but a MAC algorithm uses a cryptographic key to ensure that only the owner of the key is able to create a MAC. An attacker could therefore only try to brute force the complete MAC (at least 32 bytes using HMAC).

The term Hash should be replaced by MAC in this article to avoid confusion.