2

I have developed the program below to generate an OTP (One Time Password). Now please advise: is there any other better and secure approach that I can use in the context of OTP?

// Java code to explain how to generate OTP

// Here we are using random() method of util
// class in Java
import java.util.*;

public class NewClass
{
    static char[] OTP(int len)
    {
        System.out.println("Generating OTP using random() : ");
        System.out.print("Your OTP is : ");

        // Using numeric values
        String numbers = "0123456789";

        // Using random method
        Random rndm_method = new Random();

        char[] otp = new char[len];

        for (int i = 0; i < len; i++)
        {
            // Use of charAt() method : to get character value
            // Use of nextInt() as it is scanning the value as int
            otp[i] =
             numbers.charAt(rndm_method.nextInt(numbers.length()));
        }
        return otp;
    }
    public static void main(String[] args)
    {
        int length = 4;
        System.out.println(OTP(length));
    }
}
Steve Vinoski
user1529641
  • OTP is just a short truly random number. Used to verify a new device or path. So I suggest you simply use nextLong method of Random class, to generate a single long number rather than looping and generating a random number for each character. – SamwellTarly Mar 24 '18 at 03:42
  • @SamwellTarly Thanks, request you to please show a bit of code so that I can grasp a bit more, provided the condition that I have to generate an OTP of 4 digits only – user1529641 Mar 24 '18 at 03:55
  • This question is better suited for the code review stackoverflow. – Richard Barker Apr 08 '21 at 18:54

3 Answers

1

As a comment points out, a one-time password is just a random number or string.

Looking at your code, you are using the Random class. This is fine for applications where the quality of the random sequence is largely irrelevant. However, the standard implementation of Random produces a highly predictable (autocorrelated) sequence of numbers; see https://stackoverflow.com/a/38345694/139985. You should use SecureRandom instead.

I suspect that your use of nextInt(numbers.length()) will amplify the autocorrelation ... so Samwell's suggestion would help if you continued to use Random.

Stephen C
  • Thanks, request you to please show a bit of code so that I can grasp more – user1529641 Mar 24 '18 at 03:58
  • Huh? The API for SecureRandom is virtually identical to Random. Look up the javadocs and compare them! – Stephen C Mar 24 '18 at 03:59
  • Sure, but a small request: can you change my implementation written above a bit with your understanding so that I can grasp more – user1529641 Mar 24 '18 at 04:01
  • 3
    Your request is declined. And seriously, isn't it obvious how to generate a 4 decimal digit random number? Generate a single random number in the range 0 to 9999, and convert it to a string with leading zeros. – Stephen C Mar 24 '18 at 04:03
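
The approach described in the answer and comment above (SecureRandom, a single number in the range 0 to 9999, padded with leading zeros), written out as an added example that is not code from the answer's author. The class and method names are made up for illustration, and the constant-time comparison goes beyond what the answer covers.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

// Illustrative class name; not part of the original question or answers.
public class SecureOtp {
    // One shared instance: SecureRandom is thread-safe and seeds itself
    // from the platform's entropy source.
    private static final SecureRandom RNG = new SecureRandom();

    /** Returns a numeric OTP of exactly `digits` characters, leading zeros kept. */
    static String generate(int digits) {
        if (digits < 1 || digits > 9) {   // 10^9 is the largest power of ten that fits an int
            throw new IllegalArgumentException("digits must be between 1 and 9");
        }
        int bound = 1;
        for (int i = 0; i < digits; i++) {
            bound *= 10;                  // bound = 10^digits
        }
        // nextInt(bound) is uniform over 0 .. bound-1, so every code is equally likely.
        int value = RNG.nextInt(bound);
        // Zero-pad so that e.g. 42 becomes "0042" for a 4-digit OTP.
        return String.format("%0" + digits + "d", value);
    }

    /** Compares a submitted code with the expected one without an early exit on mismatch. */
    static boolean matches(String expected, String submitted) {
        if (expected == null || submitted == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String otp = generate(4);
        System.out.println("OTP: " + otp);
        System.out.println("length is 4: " + (otp.length() == 4));
        System.out.println("same code matches: " + matches(otp, otp));
        System.out.println("longer code matches: " + matches(otp, otp + "0"));
    }
}
```

A 4-digit code has only 10,000 possible values, so the random source alone does not protect it; the verifying side still needs a short expiry, single use, and a limit on attempts.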
0

Using Java 8+, the following code will generate a 4-digit OTP. Just replace 4 in the random.ints(...) method with the number of digits you require in your OTP.

Edit: I read that SecureRandom is another class for generating random numbers (that provides additional security). You may use that if you wish, depending on your needs, instead of the good old Random class.

...    
import java.util.Random;
//Or
//import java.security.SecureRandom;
...

Random random = new Random();
//Or
//SecureRandom random = new SecureRandom();

random.ints(4, 0, 10).mapToObj(Integer::toString).reduce((a, b) -> a + b)
    .ifPresent(System.out::println);

If you want to get the value into a String instead of just printing it then:

String otp = random.ints(4, 0, 10).mapToObj(Integer::toString)
    .reduce((a, b) -> a + b).get(); 
Mayank
-1

OTP is just a fixed length random text. It can be achieved with a single line of code (using UUID). See below example, which generates a 4 character OTP.

UUID.randomUUID().toString().substring(0, 4)
Pritesh Mhatre