Authdata, preauth plugin headers
Cornelius Kölbel
cornelius.koelbel at lsexperts.de
Mon Jun 13 13:06:03 EDT 2011
This depends on the OTP backend.
A time-based OTP value is valid during a time window of usually 30 or 60
seconds.
The backend can store the last used time-based counter.
Thus a decent backend of course invalidates the OTP value from this
window once it has been used.
I.e. the user cannot authenticate within the next 29 seconds.
Kind regards
Cornelius
On 13.06.2011 18:25, Russ Allbery wrote:
> Linus Nordberg <linus at nordu.net> writes:
>
>> What kind of OTP systems are vulnerable to replay attacks?
> TOTP is, isn't it? Time-based OTP doesn't, so far as I understand it,
> store a sequence number, so there isn't a non-time way of invalidating
> used codes.
>
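The backend behaviour described in the message above (storing the last used time-based counter so a code cannot be replayed inside its window), as an added example that is not part of the original thread or of any Kerberos code. The class and method names are hypothetical, the 30-second step and a drift tolerance of one step are assumptions, and the test uses the RFC 4226 test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time window (assumed; the thread mentions 30 or 60)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP over HMAC-SHA1; TOTP (RFC 6238) feeds it time // STEP."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TotpBackend:
    """Hypothetical backend that keeps the last accepted time step per user."""

    def __init__(self, drift_steps: int = 1):
        self.keys = {}       # user -> shared secret
        self.last_step = {}  # user -> last accepted time-step counter
        self.drift_steps = drift_steps

    def enroll(self, user: str, key: bytes) -> None:
        self.keys[user] = key
        self.last_step[user] = -1  # nothing accepted yet

    def verify(self, user: str, otp: str, now: float) -> bool:
        key = self.keys.get(user)
        if key is None:
            return False
        current = int(now) // STEP
        first = max(0, current - self.drift_steps)
        accepted = None
        for step in range(first, current + self.drift_steps + 1):
            # Steps at or below the stored counter are already used up.
            if step <= self.last_step[user]:
                continue
            expected = hotp(key, step).encode()
            if hmac.compare_digest(expected, otp.encode()):
                accepted = step
        if accepted is None:
            return False
        # Persist the counter: this code and all older ones are now invalid.
        self.last_step[user] = accepted
        return True
```

In a real deployment the stored counter has to be updated atomically and shared by every server that accepts the token, otherwise the same code can still be replayed against a second instance.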