for HOTP only specified the use of SHA-1 as an algorithm for the OTP and
HOTP added the use of SHA-256 and SHA-512, which had a longer and
different output length. MD5 on the other hand only uses 128 bytes of
output, which could sometimes cause an IndexOutOfBounds Exception, when
trying to read the last 4 bytes starting at byte 15. (Byte 16, 17 and 18
are outside the array bounds). Since the standard does not specify how
to implement the algorithm using MD5, the best solution was to change
the size of the array, instead of looping while fetching the values at
the indices. This is because the specification is very clear about how
to fetch the values: The Indices shall not loop, but rather just
increment. Since this is not standard conforming, we can only hope, that
this is compatible with other implementations, that feature MD5.
