This week I worked on the HMAC-based one-time password (HOTP) key which is used to encrypt the message. The encryption is achieved using a key and a counter. The HOTP code is based on a work done by one of the previous interns. As Dr. Shawn pointed out, the main problem with HOTP is that it needs to store the key and the counter on the flash memory which will reduce the life expectancy of the memory. The alternative method is to use other types of OTPs such as TOTP. This method relies on time, instead of a counter.

Curl & Openssl

Through out my work, I have been using curl and OpenSSL for debugging and testing purpose I thought I would share a summary of the most useful commands that I have been using. A good reference for curl can be found HERE.

$ openssl s_client -debug -host -port 443

$ curl -k -i https://<IP address>

These 2 commands will just send a GET request and show the response from the server. The OpenSSL command will show all the hex files that are being transmitted where as, the curl command will only show the response.

$ curl -k -X <command> https://<IP address>

This command can be used to test the CORS protocol. For example:

$ curl -k -X OPTION https://<IP address>

$ curl -k -X PUT -d “ABC” https://


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.