[Pkg-auth-maintainers] Bug#705939: support for time drift/offset with TOTP
Daniel Pocock
daniel at pocock.com.au
Mon Apr 22 14:02:48 UTC 2013
Package: dynalogin
Severity: wishlist
The TOTP spec (RFC 6238) suggests that a server should tolerate tokens
that don't have precise time sync with the server.

See section 5.2 of the RFC, "The validation system should compare OTPs
not only with the receiving timestamp but also the past timestamps that
are within the transmission delay".

Initially, dynalogin could just detect if the client's clock is drifting
and log warnings. A more complete solution may allow dynalogin to
compensate for a client that is experiencing a loss of time
synchronisation at a constant rate, although this functionality should
be disabled by default.