one time password

0 athuman said · February 9, 2015
My project is about SECURE ONLINE TRANSACTION BY USING ONE TIME PASSWORD, and the language I have chosen to use is PHP. I need your help, guys, on the following aspects:

  • how could I generate the one-time password with PHP

  • how to send the one time password from server to mobile

  • host who can support my project

0 c student · February 9, 2015
there seems to be problems when you use this method... but maybe there is a lack of information about this service
1.  how would a registered user of the service be recognised?  how do you know if the user is legitimate?  you would need some form of login and that requires a secret key of some sort to gain access.
2.  if you don't identify a legitimate user, that means anyone can request a secret key from the service.  that raises an issue if an attacker uses mitm to steal the information when sending, or, if the attacker has access to the sent address, such as email.
3.  assuming the attacker does not have access to the destination address of the secret key, if you use a form of pseudo-rng to generate the secret keys, if the attacker observes the information for long enough, they may and will eventually find the pattern to your key generator.
4.  if an attacker does request a key from the service, it also brings the issue of the expiration of the secret key.  if there is no expiration of the key until it is used, the attacker can and will crack your password within the time frame, especially if you use md5 hashing algorithm since it is insecure as it has more collisions than the current sha hash algorithm.
0 Calvin Sienatra · February 9, 2015
You can generate passwords using uniqid() and put them in a database; then, after a client uses the password, the password that is stored in the database is destroyed/deleted. I guess mobile means a device, an app or something; for that you need to create your own application and connect it to the database to fetch the passwords. A little heads-up: this is not the most secure thing in the whole universe, but you can use md5/sha to encrypt your passwords, though it doesn't do very much.
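A sketch covering the concerns raised in this thread (predictable generators, missing expiry, reuse, readable stored codes), added here as an example and not code from any poster. The function names, the in-memory array standing in for a database table, the 5-minute lifetime and the attempt limit are assumptions; it presumes the user has already logged in, and delivery to the phone is left out.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout; the array store stands in for a database table.
const OTP_TTL_SECONDS  = 300;  // assumed lifetime: 5 minutes
const OTP_MAX_ATTEMPTS = 5;    // assumed limit on wrong guesses
const OTP_DIGITS       = 6;

function otp_issue(array &$store, string $userId, string $serverKey, int $now): string
{
    // random_int() draws from the OS CSPRNG, unlike uniqid(), rand() or mt_rand().
    $code = str_pad((string) random_int(0, 10 ** OTP_DIGITS - 1), OTP_DIGITS, '0', STR_PAD_LEFT);
    // Store only a keyed hash, so a leaked table does not reveal live codes.
    $store[$userId] = [
        'hash'     => hash_hmac('sha256', $userId . ':' . $code, $serverKey),
        'expires'  => $now + OTP_TTL_SECONDS,
        'attempts' => 0,
    ];
    return $code; // deliver out of band (SMS, app push); never write it to logs
}

function otp_verify(array &$store, string $userId, string $code, string $serverKey, int $now): bool
{
    if (!isset($store[$userId])) {
        return false;                       // nothing issued, or already consumed
    }
    $row = &$store[$userId];
    if ($now > $row['expires'] || $row['attempts'] >= OTP_MAX_ATTEMPTS) {
        unset($store[$userId]);             // expired or locked out: must re-issue
        return false;
    }
    $row['attempts']++;                     // count every guess before comparing
    $candidate = hash_hmac('sha256', $userId . ':' . $code, $serverKey);
    if (!hash_equals($row['hash'], $candidate)) {
        return false;                       // hash_equals() compares in constant time
    }
    unset($store[$userId]);                 // single use: delete on success
    return true;
}

// Constructed demo values.
$store = [];
$key   = random_bytes(32);                  // in practice a fixed secret from server config
$t0    = 1700000000;
$code  = otp_issue($store, 'user-42', $key, $t0);
var_dump(otp_verify($store, 'user-42', $code, $key, $t0 + 60));   // first use, within lifetime
var_dump(otp_verify($store, 'user-42', $code, $key, $t0 + 61));   // same code presented again
$code2 = otp_issue($store, 'user-42', $key, $t0);
var_dump(otp_verify($store, 'user-42', $code2, $key, $t0 + 301)); // presented after expiry
```

random_int() and random_bytes() require PHP 7 or later.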