diff --git a/esphome/components/esphome/ota/ota_esphome.cpp b/esphome/components/esphome/ota/ota_esphome.cpp
index 90b08ad826..fbc14a0747 100644
--- a/esphome/components/esphome/ota/ota_esphome.cpp
+++ b/esphome/components/esphome/ota/ota_esphome.cpp
@@ -724,8 +724,11 @@ bool ESPHomeOTAComponent::prepare_auth_nonce_(HashBase *hasher) {
   // Calculate required buffer size using the hasher
   const size_t hex_size = hasher->get_size() * 2;
   const size_t nonce_len = hasher->get_size() / 4;
-  // Buffer needs: 1 (auth_type) + hex_size (nonce) + hex_size*2 (cnonce+response)
-  const size_t auth_buf_size = 1 + hex_size + hex_size * 2;
+  // Buffer needs to hold max of:
+  //   - During send: auth_type (1) + nonce (hex_size)
+  //   - During read: cnonce (hex_size) + response (hex_size)
+  // So max is hex_size * 2
+  const size_t auth_buf_size = hex_size * 2;
   this->auth_buf_ = std::make_unique<uint8_t[]>(auth_buf_size);
   this->auth_buf_pos_ = 0;