Re: [OATH-Toolkit-help] OATH token time drift / synchronisation turnaround

[Andrew McGlashan]

Hi,

On 6/06/2013 9:21 PM, Simon Josefsson wrote:
> Ilkka Virta <address@hidden> writes:
> 
>>> And there is also time zone confusion
>>> to take into account as another source of clock differences.
>>
>> It's all in UTC, so there shouldn't be any time zone confusion, unless
>> somebody is doing something really wrong, right?
> 
> Right.  I'm guessing it isn't completely uncommon if you have a wide
> variety of devices generating TOTPs (PCs, tablets, cell phones, etc).

I've got another idea.....


This will get the date/time from a server, Google in this instance:

wget --server-response http://google.com -O /dev/null 2>&1|grep ^\ \
Date|tail -1|sed 's/^  Date: //'|tr -d '\n'


I've used that to sync TOTP generation with oathtool on Debian Wheezy
like this:


#!/bin/bash

SECRET=my_base32_secret
SERVER_URL=http://google.com

while :
do
        NOW=$( \
                wget --server-response $SERVER_URL \
                        -O /dev/null 2>&1| \
                        grep ^\ \ Date|tail -1| \
                        sed 's/^  Date: //'|tr -d '\n' \
        )
        echo "$NOW -- $(date) -- $( \
                /usr/bin/oathtool --totp -b -d 6 \
                        --now="$NOW" $SECRET \
        )"
        sleep 1
done



It's a bit kludgy, but it gives you an idea as to how we might add in
server specific results -- making sure to use THEIR time ... so the
result is always virtually in sync with the target server that the TOTP
will be used with.

Perhaps a parameter for the host to check time from.

What do you think?

Cheers

-- 
Kind Regards
AndrewM