[RADIATOR] TOTP Question

Matthew Reeves-Hairs matthew.reeves-hairs at willowict.com
Tue Sep 21 17:51:50 CDT 2010


Hugh, is there any indication if this will be changed to stop replay attacks on TOTP?

Thanks

Matthew Reeves-Hairs MBCS
(CCNA, CCNP, CCDA)
Director

Willow ICT Limited
13 Willow Close
Great Hormead
Hertfordshire, SG9 0NW
Mobile: +44 (0)7912 202627
Fax: +44 (0)7092 361501
matthew.reeves-hairs at willowict.com
http://www.willowict.com

Please consider the environment before printing this email.

The content of this email and any attachment is private and may be privileged.  If you are not the intended recipient, any use, disclosure, copying or forwarding of this email and/or its attachments is unauthorised.  If you have received this email in error please notify the sender by email and delete this message and any attachments immediately.  Nothing in this email shall bind the Company in any contract or obligation, unless we have specifically agreed to be bound.


On 20 Sep 2010, at 15:55, Matthew Reeves-Hairs <matthew.reeves-hairs at willowict.com> wrote:

> Hugh,
> Can you say if you will be adopting the newer standard as published on the OATH web site?
> 
> Regards
> 
> On 20 Sep 2010, at 09:22, Hugh Irvine <hugh at open.com.au> wrote:
> 
>> 
>> Hello Matthew -
>> 
>> The current implementation conforms to draft-mraihi-totp-timebased-06.txt, 
>> which has nothing to say about replay attacks (though perhaps it should).
>> 
>> regards
>> 
>> Hugh
>> 
>> 
>> On 18 Sep 2010, at 23:12, Matthew Reeves-Hairs wrote:
>> 
>>> Hi,
>>> I have noticed that with TOTP, even with the TimeStep set to 0, it is still possible to use the same OTP more than once. Is this correct?
>>> 
>>> Most time-based OTP systems I've used reject the OTP if it has already been used, and you have to wait for the next time window.
>>> 
>>> Hugh, can you comment on this?
>>> 
>>> Regards
>>> 
>> 
>> 
>> 


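The replay check asked about in this thread, as an added example (not Radiator's code and not written by anyone in the thread): a verifier that remembers the last time-step counter accepted for each user and refuses any code at or before it. The class name, the 30-second step, the one-step drift window and the in-memory store are assumptions.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """OTP for one time-step counter: HMAC-SHA1 plus dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class ReplaySafeVerifier:
    """Hypothetical verifier; state is in memory here, a real server must
    persist it and share it between all instances that validate OTPs."""

    def __init__(self, step: int = 30, window: int = 1):
        self.step = step        # seconds per time step (assumed value)
        self.window = window    # clock-drift tolerance in steps (assumed value)
        self.last_counter = {}  # user -> highest counter already accepted

    def verify(self, user: str, secret: bytes, otp: str, now: float) -> bool:
        current = int(now) // self.step
        # Never search at or below a counter this user has already consumed.
        start = max(0, current - self.window, self.last_counter.get(user, -1) + 1)
        for counter in range(start, current + self.window + 1):
            candidate = totp(secret, counter).encode()
            if hmac.compare_digest(candidate, otp.encode()):
                self.last_counter[user] = counter  # burn this step and older ones
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"   # constructed sample secret
    verifier = ReplaySafeVerifier()
    code = totp(secret, 59 // 30)
    print(verifier.verify("alice", secret, code, now=59))  # first use
    print(verifier.verify("alice", secret, code, now=59))  # same code, same window
    print(verifier.verify("alice", secret, code, now=61))  # same code, next window
```

Without the `last_counter` lookup, the second and third calls would succeed, which is the behaviour reported in the original question.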