oath-toolkit-help

Re: [OATH-Toolkit-help] Patch to include totp validation to the pam modu


From: Frank Epperlein
Subject: Re: [OATH-Toolkit-help] Patch to include totp validation to the pam module
Date: Fri, 06 May 2011 17:01:25 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10

On 06.05.2011 12:56, Giovanni Bajo wrote:
> In fact, if you look at the documentation of the UsersFile here:
> http://code.google.com/p/mod-authn-otp/wiki/UsersFile
> the 6th field is "The previous successfully used one-time password". I
> guess this is to support TOTP correctly.
Yes, but this is only the last successfully used OTP. If someone
captures your logins he can reuse the captured OTP at the moment you
successfully commit one more OTP within the window-time. This requires
logging all used OTPs (which would fit the definition of "window") or
rejecting all OTPs older than the last successfully committed one (which is
possible without changing the users-file).

So - if I understood it correctly all needed information even exists?

> BTW, does the branch code correctly identify a TOTP token as "HOTP/TXX"
> in the users file?
Yes, it was correctly identified - I also tried the 30 and 60 seconds
definition. In my case this worked perfectly (also the "HOTP/TXX/X" way
to define the number of digits).

Frank
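
The second option from the message above (reject every OTP that is not newer than the last accepted one, using only the stored last OTP), as an added example that is not code from oath-toolkit or mod-authn-otp. The function names, the window of one step either side and the RFC 4226 test secret are assumptions made for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter (TOTP uses counter = time // step)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def newest_step(secret, otp, now, step, window, digits):
    """Newest time step inside the window whose TOTP equals otp, else None."""
    if not otp:
        return None
    current = int(now) // step
    for counter in range(current + window, current - window - 1, -1):
        expected = hotp(secret, counter, digits).encode()
        if counter >= 0 and hmac.compare_digest(expected, otp.encode()):
            return counter
    return None


def validate_totp(secret, otp, last_otp, now, step=30, window=1, digits=6):
    """Return (accepted, OTP to keep in the users file as "last used")."""
    submitted = newest_step(secret, otp, now, step, window, digits)
    if submitted is None:
        return False, last_otp          # not a valid OTP for this window
    # Locate the stored last OTP in the same window; no extra field is needed.
    previous = newest_step(secret, last_otp, now, step, window, digits)
    if previous is not None and submitted <= previous:
        return False, last_otp          # replayed or older than the last accepted OTP
    return True, otp


if __name__ == "__main__":
    secret = b"12345678901234567890"    # RFC 4226 test secret (constructed input)
    now = 35                            # time step 1; the window covers steps 0..2
    captured = hotp(secret, 0)          # OTP an observer saw during an earlier login
    latest = hotp(secret, 1)            # OTP the user committed afterwards
    # A check that only compares against the last OTP would let `captured` through.
    print("captured != last OTP:", captured != latest)
    print("ordering check:", validate_totp(secret, captured, latest, now))
```
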


