OTP S/KEY One Time password - Folding MD5 Digest output

Question

Hi there,

Im trying to create a one time password generator for a phone. In the RFC2289 it specifies that i must fold the output of the MD5, i'm using bouncy castle MD5 and i cant work out how to fold the byte array output.

for (int i = 0; i < 8; i++) { md5[i] ^= md5[i+8]; }

This is what i have so far

Answer 1

Probably, you want this:

for (int i = 0; i < 8; ++i)
    md5[i] ^= md5[i + 8];
return Arrays.copyOf(md5, 8);

This way, only the first 64 bits (which are used by OTP) is returned.