
Assume an HMAC function is used to generate a 6-digit integer time-based one-time password, as follows:

$$K_h =\operatorname{HMAC}(k,t) = H((k\oplus\text{opad})\mathbin\| H((k\oplus\text{ipad})\mathbin\|t))$$

Then:

$$T=K_h \bmod 10^6$$ where $t$ is time, $k$ is a secret key, and $T$ is a one-time password.

Now assume that an attacker knows $t$ and can observe an unlimited number of one-time passwords. Is it possible for him to solve for the secret key ($k$)? References would be nice.

fgrieu
Crankdat

0 Answers
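The construction in the question, written out as an added example (not part of the original post): HMAC built directly from the ipad/opad formula, then reduced mod $10^6$, next to the RFC 4226 dynamic truncation that RFC 6238 TOTP uses for comparison. SHA-1 as $H$, the 8-byte big-endian encoding of $t$, and all function names are assumptions of this example; the key is the test key published in the RFCs.

```python
import hashlib
import hmac
import struct

BLOCK = 64  # SHA-1 block size in bytes (H = SHA-1 is an assumption)

def hmac_by_formula(k: bytes, t: bytes) -> bytes:
    """H((k ^ opad) || H((k ^ ipad) || t)), as written in the question."""
    if len(k) > BLOCK:            # RFC 2104: over-long keys are hashed first
        k = hashlib.sha1(k).digest()
    k = k.ljust(BLOCK, b"\x00")   # then zero-padded to the block size
    ipad = bytes(b ^ 0x36 for b in k)
    opad = bytes(b ^ 0x5C for b in k)
    inner = hashlib.sha1(ipad + t).digest()
    return hashlib.sha1(opad + inner).digest()

def otp_question(k: bytes, counter: int) -> int:
    """T = K_h mod 10^6, reading the whole 160-bit tag as a big-endian integer."""
    tag = hmac_by_formula(k, struct.pack(">Q", counter))
    return int.from_bytes(tag, "big") % 10**6

def otp_rfc4226(k: bytes, counter: int) -> int:
    """RFC 4226 dynamic truncation: 31 bits picked by the last nibble, mod 10^6."""
    tag = hmac.new(k, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = tag[-1] & 0x0F
    code = struct.unpack(">I", tag[off:off + 4])[0] & 0x7FFFFFFF
    return code % 10**6

def time_step(unix_time: int, period: int = 30) -> int:
    """RFC 6238 maps time to the HMAC message: t = floor(unix_time / period)."""
    return unix_time // period

RFC_KEY = b"12345678901234567890"  # test key published in RFC 4226 / RFC 6238

if __name__ == "__main__":
    t = time_step(59)  # RFC 6238 test time 59 s falls in step 1
    print("question's reduction:", f"{otp_question(RFC_KEY, t):06d}")
    print("RFC 4226 truncation: ", f"{otp_rfc4226(RFC_KEY, t):06d}")
```

Both variants publish only about 20 bits ($\log_2 10^6$) of a 160-bit tag per time step; they differ in which part of the tag feeds the reduction.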