Authdata, preauth plugin headers

Cornelius Kölbel cornelius.koelbel at lsexperts.de
Mon Jun 13 13:06:03 EDT 2011


This depends on the OTP backend.
A time-based OTP value is valid during a time window of usually 30 or 60
seconds.

The backend can store the last used time-based counter.
Thus a decent backend of course invalidates the OTP value from this
window once it has been used,
i.e. the user cannot authenticate within the next 29 seconds.

Kind regards
Cornelius

On 13.06.2011 18:25, Russ Allbery wrote:
> Linus Nordberg <linus at nordu.net> writes:
>
>> What kind of OTP systems are vulnerable to replay attacks?
> TOTP is, isn't it?  Time-based OTP doesn't, so far as I understand it,
> store a sequence number, so there isn't a non-time way of invalidating
> used codes.
>
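
Added example, not part of the original message or of any Kerberos or OTP backend code: a minimal sketch of the replay protection described above, where the verifier stores the last accepted time-step counter per user and rejects any code from that window or an earlier one. The class name `ReplaySafeVerifier`, the in-memory store, and the one-window drift tolerance are assumptions; the secret is the RFC 6238 test secret.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time window (the message mentions 30 or 60)


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for a given time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class ReplaySafeVerifier:
    """Hypothetical backend that remembers the last accepted counter per user."""

    def __init__(self, drift: int = 1):
        self.drift = drift    # windows of clock skew accepted in each direction
        self.last_used = {}   # user -> last accepted time-step counter

    def verify(self, user: str, secret: bytes, code: str, now: float) -> bool:
        current = int(now) // STEP
        floor = self.last_used.get(user, -1)
        for counter in range(current - self.drift, current + self.drift + 1):
            if counter <= floor:
                continue  # window already consumed: replayed or older code
            if hmac.compare_digest(totp(secret, counter), code):
                self.last_used[user] = counter  # invalidate this window
                return True
        return False


def demo():
    """Constructed scenario: login, two replays of the same code, next window."""
    secret = b"12345678901234567890"  # RFC 6238 test secret
    backend = ReplaySafeVerifier()
    code = totp(secret, 59 // STEP)
    first = backend.verify("alice", secret, code, now=59)
    replay = backend.verify("alice", secret, code, now=59)       # same window
    late_replay = backend.verify("alice", secret, code, now=65)  # within drift
    fresh = backend.verify("alice", secret, totp(secret, 90 // STEP), now=90)
    return first, replay, late_replay, fresh


if __name__ == "__main__":
    print(demo())
```

Without the stored counter, the drift tolerance alone would let the code used at t=59 be accepted again at t=65.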



More information about the krbdev mailing list