Generate counter-based one-time passwords per RFC 4226 (HOTP). Enter a Base32 shared secret, pick a starting counter, and get a window of codes — useful for provisioning hardware tokens, testing resync flows, or verifying server implementations.
HOTP (RFC 4226) uses an incrementing counter rather than time as the HMAC message. The same secret and counter always produce the same code — the server and token advance the counter after each successful verification. Drift is handled with a look-ahead window.
RFC 4226 test vectors (secret 12345678901234567890, i.e. Base32 GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ):
counter 0 → 755224, 1 → 287082, 2 → 359152, 3 → 969429.