From WikiChip
$totp Identifier - mIRC
< mirc‎ | identifiers

$totp returns a TOTP (Time-based One-time Password) based on the specified parameters.

See the Wikipedia page for TOTP for details.


$totp(key[, time[, hash[, digits[, timestep]]]]) </pre>


  • key - the key is required and can be base16 format of either 40, 64 or 128 chars; or in a mix of spaces and base32 chars of either 16, 24 or 32 length; or a base32 econding string of any multiple of 8 greater than 8; or plain text - see $hotp for more details.
  • time - optional, a time in second, default to $ctime ("in seconds" assumes that 'timestep' is also defined in seconds)
  • hash - optional, hashing algorithm, default to sha1 (Other possibles: md5, sha256, sha384, sha512 )
  • digits - optional, number of digits, default to 6 (Valid: 3 thru 9)
  • timestep - optional, number of timestep, default to 30 when parameter is not a number 1-3600
  • Note: "Optional" parameters are not allowed to be $null when defining later parameters.
  • Output number is the same for all "time" values where $int($calc(time / timestep)) is the same N value. An application allowing a "grace period" for recognizing tokens for multiple intervals must calculate result where time=time+timestep and time=time-timestep.
  • $totp is equivalent to $hotp(key , $int(time / $iif(timestep isnum 1-3600,$v1,30)) , hash , digits )
  • (See $hotp for more details how $totp and $hotp parse 'key' for hex/base32 encoding vs plaintext.)




Password changing every hour on-the-hour (long intervals are NOT recommended)
//echo -a $totp(Secret case-sensitive Pass Key,$ctime,sha512,9,3600)
Because password is short, allowed-retries and length of interval should be short enough to deter brute-force attempts.
recognize password reply for the current 30-sec interval plus the prior or following intervals. Uses defaults sha1, 6 digits, and 30 sec interval:
var %t1 $ctime , %t2 = $ctime + 30 , %t3 = $ctime - 30
var %totp1 $totp(Secret Key,%t1) , %totp2 $totp(Secret Key,%t2) , %totp3 $totp(Secret Key,%t3)
if ($istok(%totp1 %totp2 %totp3,%reply,32)) goto Accepted
For internal use only because $ticks is different for everyone, password changes every 2 seconds, but not necessarily at :00 seconds.
$totp(Secret Key,$ticks,sha256,9,2000)
Because timestep outside the range 1-3600 defaults to 30, must calculate interval separately.
//echo -a $totp(secret,$ticks,sha256,9,86400) changes every 30 seconds because invalid timestep.
//var %interval $int($calc(($ctime - $timezone)  / 86400)) | echo -a password for day %interval is $totp(secret,%interval,sha256,9,1)
$totp is a specific usage of $hotp, using the number of timestep intervals as the counter.
//var %key password , %ctime $ctime , %timestep 30 , %digits 9 , %hash sha256 , %interval $int($calc($ctime / %timestep)) | echo -a interval %interval ctime %ctime $totp(%key,%ctime,%hash,%digits,%timestep) same as $hotp(%key,%interval,%hash,%digits)


Added: mIRC v7.42
Added on: 17 Jul 2015
Note: Unless otherwise stated, this was the date of original functionality.
Further enhancements may have been made in later versions.

See Also[edit]