[Pkg-auth-maintainers] Bug#705939: support for time drift/offset with TOTP

Daniel Pocock daniel at pocock.com.au
Mon Apr 22 14:02:48 UTC 2013


Package: dynalogin
Severity: wishlist

The TOTP spec (RFC 6238) suggests that a server should tolerate tokens
that don't have precise time sync with the server.

See section 5.2 of the RFC, "The validation system should compare OTPs
not only with the receiving timestamp but also the past timestamps that
are within the transmission delay"

Initially, dynalogin could just detect if the client's clock is drifting
and log warnings.  A more complete solution may allow dynalogin to
compensate for a client that is experiencing a loss of time
synchronisation at a constant rate, although this functionality should
be disabled by default.
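The validation behaviour the report asks for, as an added example that is not dynalogin's own code: RFC 4226 HOTP and RFC 6238 TOTP over HMAC-SHA-1, a verifier that checks the current time step and a configurable number of past (and optionally future) steps as RFC 6238 section 5.2 describes, a replay guard so a step that already produced an accepted OTP cannot be reused, a logged warning whenever the accepted step differs from the server's own, and a `compensate` switch (off by default, matching the report's suggestion) that re-centres the search on the offset observed at the last successful authentication. `TokenState`, `verify_totp` and the window parameter names are assumptions for this illustration; the secret and the 8-digit codes used in the comments are the RFC 6238 Appendix B test vectors.

```python
import hashlib
import hmac
import logging
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

log = logging.getLogger("totp")

STEP = 30    # RFC 6238 default time step in seconds
DIGITS = 8   # the RFC 6238 Appendix B test vectors use 8-digit codes


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the big-endian 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter T = floor(unix_time / step)."""
    return hotp(secret, unix_time // step, digits)


@dataclass
class TokenState:
    """Per-token server-side state (assumed layout, not dynalogin's)."""
    last_step: Optional[int] = None  # newest step that yielded an accepted OTP (replay guard)
    drift: int = 0                   # client offset in steps seen at the last success


def verify_totp(secret: bytes, candidate: str, unix_time: int, state: TokenState,
                window_back: int = 1, window_forward: int = 0, compensate: bool = False,
                step: int = STEP, digits: int = DIGITS) -> Tuple[bool, Optional[int]]:
    """
    Check `candidate` against the server's current step and up to `window_back`
    earlier / `window_forward` later steps (RFC 6238 s5.2).  With `compensate`
    the window is centred on the drift recorded at the last success instead of
    on the server clock.  Returns (accepted, offset_in_steps_from_server_clock).
    """
    server_step = unix_time // step
    centre = server_step + (state.drift if compensate else 0)
    # Try the nearest steps first so the reported offset is the smallest plausible one.
    for off in sorted(range(-window_back, window_forward + 1), key=abs):
        t = centre + off
        if not hmac.compare_digest(hotp(secret, t, digits), candidate):
            continue
        # RFC 6238 s5.2: an OTP must not be accepted twice; also refuse steps older
        # than the last accepted one so a captured code cannot be replayed later.
        if state.last_step is not None and t <= state.last_step:
            log.warning("replayed or stale OTP for step %d (last accepted %d)", t, state.last_step)
            return False, None
        total = t - server_step
        if total != 0:
            # The "just detect and log" stage from the report: drift is visible in the logs.
            log.warning("token clock is %+d step(s) (%+d s) from server time", total, total * step)
        state.last_step = t
        state.drift = total
        return True, total
    return False, None


if __name__ == "__main__":
    # Constructed demo using the RFC 6238 test secret; a token one step behind
    # the server is accepted with window_back=1 and the drift is logged.
    logging.basicConfig(level=logging.WARNING)
    secret = b"12345678901234567890"
    state = TokenState()
    stale = totp(secret, 1111111109)          # "07081804", step 37037036
    print(verify_totp(secret, stale, 1111111111, state, window_back=1))   # (True, -1)
    print(verify_totp(secret, stale, 1111111111, state, window_back=1))   # (False, None): replay
```

Every extra step in the window multiplies an attacker's chance of guessing a valid code, so keep `window_back` small (one step covers the transmission delay the RFC has in mind) and leave `window_forward` at zero unless real clients are seen running ahead. `compensate` only ever re-centres on an offset that was established by a successful authentication, and the replay guard keeps applying, so enabling it does not let a code for an already-consumed step back in.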


