Further info on the bottom of the page.
API for testing passwords: https://otpwchain.harmenscholte.com/?action=test_password&name=name_of_chain&password=password_you_want_to_check
If the API is presented with a right chain name, it will either say "false" for an incorrect password, or "true" for a correct password.
Name should not already exist.
Recovery key should be at least 20 characters long.
Size should be at least one, and should be less than 20000.
If you inputted the right password, it will be removed from the chain. (one-time password chain)
Retrieve the latest password of the chain.
Get the number of still usable passwords of the chain.
You can create a one-time password chain list here. If you let your client application make a request to this site, you can create anonymous one-time authorizations.
The secret is a 33 length random bytes string. (cryptographically secure) (https://www.php.net/manual/en/function.random-bytes.php)
All the passwords are consecutive sha-256 hashes of this secret, creating the password chain.
The recovery key is also sha-256 hashed, I might also add a salt in the future, but for maximal security you only run this file locally of course.
Passwords are removed from the chain list after use, creating a structure with which you can give people one-time access to certain functionalities of your website.
This comes in handy, for example, when you only want to allow one (unregisterd/anonymous) user to perform a certain function at a time. (and only once)
See https://en.wikipedia.org/wiki/One-time_password for more information.