Re: [OATH-Toolkit-help] OATH token time drift / synchronisation turnarou
From: Andrew McGlashan
Subject: Re: [OATH-Toolkit-help] OATH token time drift / synchronisation turnaround
Date: Mon, 22 Jul 2013 04:46:18 +1000
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7

Hi,
Try again, with a quicker and better way to get the server's time.
On 6/06/2013 9:21 PM, Simon Josefsson wrote:
> Ilkka Virta <address@hidden> writes:
>
>>> And there is also time zone confusion
>>> to take into account as another source of clock differences.
>>
>> It's all in UTC, so there shouldn't be any time zone confusion, unless
>> somebody is doing something really wrong, right?
>
> Right. I'm guessing it isn't completely uncommon if you have a wide
> variety of devices generating TOTPs (PCs, tablets, cell phones, etc).
I've got another idea.....
This will get the date/time from a server, Google in this instance:
    curl -D- http://google.com 2>/dev/null | \
        grep ^Date | sed 's/^Date: //' | tr -d '\r\n'
I've used that to sync TOTP generation with oathtool on Debian Wheezy
like this:
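    #!/bin/bash
    # Print a TOTP once a second, computed at the server's clock rather than ours.
    SECRET=my_base32_secret
    SERVER_URL=http://google.com
    while :
    do
        # The server's current time, taken from the Date header of its response
        NOW=$(curl -s -D- -o /dev/null "$SERVER_URL" | \
            grep -i '^Date:' | sed 's/^[^:]*: //' | tr -d '\r\n')
        # Skip this round if no Date header came back
        [ -n "$NOW" ] || { sleep 1; continue; }
        # Server time -- local time -- 6-digit TOTP for the server's time
        echo "$NOW -- $(date) -- $( \
            /usr/bin/oathtool --totp -b -d 6 \
            --now="$NOW" "$SECRET" \
        )"
        sleep 1
    done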
It's a bit kludgy, but it gives you an idea as to how we might add in
server specific results -- making sure to use THEIR time ... so the
result is always virtually in sync with the target server that the TOTP
will be used with.
Perhaps a parameter for the host to check time from.
What do you think?
Cheers
--
Kind Regards
AndrewM
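
What feeding the server's Date header to `--now` amounts to, as an added Python example that is not part of the original message or of OATH Toolkit: it parses the header, measures the local clock's offset in 30-second TOTP steps, and computes the RFC 6238 code at both times. The sample response, the function names and the use of the RFC 6238 test key are assumptions made for this illustration.

```python
import base64, hashlib, hmac, struct
from email.utils import parsedate_to_datetime

STEP = 30  # seconds per TOTP time step (RFC 6238 default)
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test key, base32

# Constructed sample response headers, not captured from a real server.
SAMPLE_HEADERS = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: http://www.example.test/\r\n"
    "date: Sun, 21 Jul 2013 18:46:18 GMT\r\n"
    "Content-Length: 0\r\n\r\n"
)

def server_epoch(raw_headers):
    """Unix time from the response's Date header, or None if missing/invalid."""
    for line in raw_headers.split("\r\n")[1:]:
        if not line:
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        if name.strip().lower() == "date":  # header names are case-insensitive
            try:
                return int(parsedate_to_datetime(value.strip()).timestamp())
            except (TypeError, ValueError):
                return None
    return None

def totp(secret_b32, at_epoch, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the given Unix time."""
    key = base64.b32decode(secret_b32.upper())
    mac = hmac.new(key, struct.pack(">Q", at_epoch // STEP), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def drift_report(raw_headers, local_epoch, secret_b32):
    """Compare the local clock with the server's, in seconds and TOTP steps."""
    srv = server_epoch(raw_headers)
    if srv is None:
        raise ValueError("no usable Date header in response")
    return {
        "skew_seconds": local_epoch - srv,
        "skew_steps": local_epoch // STEP - srv // STEP,
        "local_code": totp(secret_b32, local_epoch),
        "server_code": totp(secret_b32, srv),
    }

if __name__ == "__main__":
    print(drift_report(SAMPLE_HEADERS, server_epoch(SAMPLE_HEADERS) + 45, RFC_SECRET))
```

The Date header has one-second resolution and, fetched over plain http://, is not authenticated, so the result is only as trustworthy as the network path to the server.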