We don’t allow questions seeking recommendations for software libraries, tutorials, tools, books, or other off-site resources. You can edit the question so it can be answered with facts and citations.
Closed 4 years ago.
Can you please provide some specifics, such as the target programming language? How do you want the OTP delivered (via SMS?).
You may be able to use the Amazon Simple Notification Service for the SMS: http://aws.amazon.com/sns/
Generally, you are better off letting the user pick their password from the start if possible.
EDIT:
As for generating the OTP, you are probably best off using something randomly generated as opposed to hashing something. You could try a UUID version 4. Details here: http://en.wikipedia.org/wiki/Universally_unique_identifier#Version_4_.28random.29
PHP has a method uniqid() which gives you a guaranteed unique string, similar to this: 4b3403665fea6
One more thing I thought of on the SMS: the company http://cdyne.com has a web service you can connect to in order to send SMS. They have a text-to-speech service for actually placing calls too.
I still don't understand where OTP fits into your authentication model, so, for me to be of much more help there, you will need to give me some more specifics.
Take a look at the following resources, which describe in detail how to code a one-time password service using either a counter-based or time-based algorithm.
Both examples show a reference implementation, also showing the protection against hacking attempts that needs to be implemented (such as throttling).
One Time Password
Time Based One Time Password