[RADIATOR] Time Drifting totp Tokens

Steffen Weinreich steve at weinreich.org
Tue Nov 16 15:29:51 CST 2010


 Hi!

I have found that one of my Feilian c200 tokens has drifted into the
future. At the moment it is about 40 sec in the future, and therefore a
freshly entered PIN could be rejected, since from the POV of the RADIUS
server the token is not yet valid.

For now I have changed AuthSQLTOTP.pm to also look into the future for
the token code, but if the token continues to drift away from the
"right" time, it could be necessary to add some code to deal with time
drifting....

The same also happens with software tokens with an incorrect time, but
this is fixable by the user....

Please find my patch included below:

cheerio
   Steve

--
When politicians are at a loss for words, they give a speech.


--- ../p1/Radius/AuthSQLTOTP.pm 2010-10-26 22:04:40.000000000 +0000
+++ Radius/AuthSQLTOTP.pm       2010-11-16 17:23:53.000000000 +0000
@@ -186,7 +186,7 @@
     $Radius::TOTP::X = $self->{TimeStep};
     $Radius::TOTP::T0 = $self->{TimeStepOrigin};
     my $T;
-    for ($delay_counter = 0; $delay_counter <= $self->{DelayWindow};
$delay_counter++)
+    for ($delay_counter = -$self->{DelayWindow}; $delay_counter <=
$self->{DelayWindow}; $delay_counter++)
     {
        $T = Radius::TOTP::totp_timestep($recv_time, $delay_counter);
        my $totp = Radius::TOTP::totp_compute_sha1(pack('H*', $secret),
$T, $digits);
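Review bot: the widened loop (`for ($delay_counter = -$self->{DelayWindow}; $delay_counter <= $self->{DelayWindow}; ...`) silently changes what DelayWindow means, from "steps in one direction" to "steps in each direction", so every attempt now accepts 2*DelayWindow+1 candidate codes instead of DelayWindow+1; either document the new meaning where DelayWindow is described, or add a separate look-ahead parameter so existing configurations keep their current number of accepted codes. Nothing in the hunk records which $delay_counter value matched; persisting that offset per token would be the natural hook for the drift compensation the message says may become necessary. If AuthSQLTOTP.pm does not already store the last accepted time step per token, it should, so that a code accepted at one offset cannot be replayed at another offset inside the larger window.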



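For readers who want to see the two mechanisms the message touches on, a look-ahead window and ongoing drift compensation, here is an added example in Python. It is not Radiator's code and not the author's patch: `verify_totp()`, its `window=`, `drift=` and `last_step=` parameters, `demo_fast_token()` and the constructed scenario (a token running 40 seconds ahead of the server, keyed with the RFC 6238 test-vector secret) are this example's own; Radiator's AuthSQLTOTP.pm uses DelayWindow, TimeStep and TimeStepOrigin instead, and whether its positive delay counter means past or future is not visible in the hunk above. The example goes one step beyond the patch: besides accepting codes on both sides of the server's clock, it records which offset matched so the stored drift follows a token that keeps creeping ahead, and it refuses any time step at or before the last accepted one so a widened window does not turn into a replay window.

```python
"""TOTP (RFC 6238, HMAC-SHA1) validation with a symmetric window plus
per-token drift tracking and replay protection.  Added example; names
and the scenario below are assumptions, not Radiator's code."""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP-SHA1 for one counter value (dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp_timestep(recv_time: int, delay: int = 0, step: int = 30, t0: int = 0) -> int:
    """Time step for recv_time, shifted by `delay` steps (negative = past)."""
    return (recv_time - t0) // step + delay


def totp(secret: bytes, recv_time: int, delay: int = 0, step: int = 30,
         t0: int = 0, digits: int = 6) -> str:
    """The code a correctly working token shows at recv_time."""
    return hotp(secret, totp_timestep(recv_time, delay, step, t0), digits)


def verify_totp(secret: bytes, submitted: str, recv_time: int, *, window: int = 1,
                drift: int = 0, last_step=None, step: int = 30, t0: int = 0,
                digits: int = 6):
    """Accept `submitted` if it matches any step in base-window .. base+window,
    where base already includes this token's known drift (in steps).

    Returns (ok, drift, last_step); the caller persists drift and last_step
    per token.  drift moves to the offset that matched, so a token that keeps
    creeping ahead stays inside the window instead of falling out of it.
    last_step refuses any step at or before the last accepted one, so a code
    cannot be replayed merely because the window is wide."""
    base = totp_timestep(recv_time, drift, step, t0)
    for delay in range(-window, window + 1):
        t = base + delay
        if last_step is not None and t <= last_step:
            continue                       # already used (or older): replay
        if hmac.compare_digest(hotp(secret, t, digits), submitted):
            return True, drift + delay, t
    return False, drift, last_step


def demo_fast_token(skew: int = 40) -> dict:
    """Constructed scenario: a hardware token whose clock runs `skew` seconds
    ahead of the server.  Returns the outcome of four authentications."""
    secret = b"12345678901234567890"       # RFC 6238 test-vector secret (constructed input)
    now = 1111111109                       # server clock; the token believes it is now + skew
    code = totp(secret, now + skew)        # what the token displays
    out = {}
    # 40 s ahead is 2 steps at this alignment: a one-step window rejects it,
    # which is the "not yet valid" failure described in the message.
    out["narrow"] = verify_totp(secret, code, now, window=1)             # (False, 0, None)
    ok, drift, last = verify_totp(secret, code, now, window=2)
    out["wide"] = (ok, drift, last)                                      # (True, 2, 37037038)
    # Same code again: every step at or before last_step is skipped.
    out["replay"] = verify_totp(secret, code, now, window=2,
                                drift=drift, last_step=last)
    # Ten minutes later the stored drift of +2 steps lines the windows up,
    # so a one-step window is enough again and drift stays at 2.
    later = now + 600
    out["later"] = verify_totp(secret, totp(secret, later + skew), later,
                               window=1, drift=drift, last_step=last)    # (True, 2, 37037058)
    return out


if __name__ == "__main__":
    for name, result in demo_fast_token().items():
        print(f"{name:7s} ok={result[0]!s:5s} drift={result[1]} last_step={result[2]}")
```

The window is counted in time steps, not seconds, so a 40 s skew is one or two steps depending on where the server's clock sits inside the current step; that is why the example needs `window=2` on first contact but only `window=1` once the drift has been learned. Letting `drift` follow the matched offset is what keeps an ever-faster token usable; resetting `drift` to 0 on each call would reproduce the behaviour of a plain widened loop.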