[RADIATOR] Time Drifting totp Tokens

Mike McCauley mikem at open.com.au
Tue Nov 16 15:55:59 CST 2010


Hi Steffen,

Thanks for the patch. It is now in the latest patch set.

Cheers.

On Wednesday 17 November 2010 07:29:51 am Steffen Weinreich wrote:
>  Hi!
>
> I have found that one of my Feitian c200 tokens has drifted into
> the future. At the moment it is about 40 sec in the future, and
> therefore a freshly entered PIN could be rejected, since from the POV of
> the Radius Server the token is not yet valid.
>
> For now I have changed AuthSQLTOTP.pm to also take a look into the
> future for the token code, but if the token continues to drift away from
> the "right" time, it could be necessary to add some code to deal with
> time drifting....
>
> The same also happens with software tokens with an incorrect time, but
> this is fixable by the user....
>
> Please find my patch included below:
>
> cheerio
>    Steve
>
> --
> When politicians are left speechless, they give a speech.
>
>
> --- ../p1/Radius/AuthSQLTOTP.pm 2010-10-26 22:04:40.000000000 +0000
> +++ Radius/AuthSQLTOTP.pm       2010-11-16 17:23:53.000000000 +0000
> @@ -186,7 +186,7 @@
>      $Radius::TOTP::X = $self->{TimeStep};
>      $Radius::TOTP::T0 = $self->{TimeStepOrigin};
>      my $T;
> -    for ($delay_counter = 0; $delay_counter <= $self->{DelayWindow};
> $delay_counter++)
> +    for ($delay_counter = -$self->{DelayWindow}; $delay_counter <=
> $self->{DelayWindow}; $delay_counter++)
>      {
>         $T = Radius::TOTP::totp_timestep($recv_time, $delay_counter);
>         my $totp = Radius::TOTP::totp_compute_sha1(pack('H*', $secret),
> $T, $digits);
>
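Review bot: the new lower bound `-$self->{DelayWindow}` on the `for` loop raises the number of accepted time steps from DelayWindow+1 to 2*DelayWindow+1 for an unchanged DelayWindow setting, so every existing configuration silently gets a wider acceptance window for guessed or replayed codes. Consider a separate setting for the added direction that defaults to 0, so operators opt in, or at least document that DelayWindow is now applied on both sides of the receive time. The loop also starts at the most negative offset rather than at 0, so the expected step is no longer tried first. Since a drifting token will eventually leave any fixed window, storing the matching `$delay_counter` per token would be the place to start tracking drift.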



-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
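
The drift handling discussed in this thread, as an added Python example (not Radiator's code and not part of either message): a two-sided window check that also records the matched offset per token and refuses reuse of an accepted step. The names `verify`, `state`, `drift` and `last_counter` are assumptions of this sketch, positive offsets here mean the token is ahead of the server, and the secret is the RFC 6238 test key.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 6238 TOTP value (HMAC-SHA1) for one time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F  # dynamic truncation offset (RFC 4226)
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret, code, now, state, step=30, t0=0, window=1, digits=6):
    """Return the matched step offset, or None if the code is rejected.

    state is a per-token dict (hypothetical storage, e.g. two SQL columns):
      drift        - steps the token clock is known to run ahead (+) or behind (-)
      last_counter - highest counter already accepted, to refuse reuse
    """
    base = (int(now) - t0) // step + state.get("drift", 0)
    # Try the expected step first, then its neighbours on both sides.
    for offset in sorted(range(-window, window + 1), key=abs):
        counter = base + offset
        if counter <= state.get("last_counter", -1):
            continue  # already used or older: a wider window must not allow replay
        if hmac.compare_digest(totp(secret, counter, digits), code):
            state["drift"] = state.get("drift", 0) + offset
            state["last_counter"] = counter
            return offset
    return None

def demo():
    """Constructed scenario: token clock 40 s ahead of the server."""
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    state = {}
    server_now = 1111111085
    code = totp(secret, (server_now + 40) // 30, 8)  # what the token displays
    first = verify(secret, code, server_now, state, digits=8)
    replay = verify(secret, code, server_now, state, digits=8)
    later = server_now + 30
    code2 = totp(secret, (later + 40) // 30, 8)
    second = verify(secret, code2, later, state, digits=8)
    return first, replay, second, state["drift"]

if __name__ == "__main__":
    print(demo())
```

Because the learned drift is added to the base step, the second login matches at offset 0 and the window does not have to grow as the token keeps drifting.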

