[RADIATOR] TOTP Question

Hugh Irvine hugh at open.com.au
Tue Sep 21 18:14:30 CDT 2010


Hello Matthew -

The draft RFC doesn't mention replay attacks at all, so we are inclined to wait until the final spec comes out.

regards

Hugh


On 22 Sep 2010, at 08:51, Matthew Reeves-Hairs wrote:

> Hugh, is there any indication if this will be changed to stop replay attacks on totp?
> 
> Thanks
> 
> Matthew Reeves-Hairs MBCS
> (CCNA, CCNP, CCDA)
> Director
> 
> Willow ICT Limited
> 13 Willow Close
> Great Hormead
> Hertfordshire, SG9 0NW
> Mobile: +44 (0)7912 202627
> Fax: +44 (0)7092 361501
> matthew.reeves-hairs at willowict.com
> http://www.willowict.com
> 
> Please consider the environment before printing this email.
> 
> The content of this email and any attachment is private and may be privileged.  If you are not the intended recipient, any use, disclosure, copying or forwarding of this email and/or its attachments is unauthorised.  If you have received this email in error please notify the sender by email and delete this message and any attachments immediately.  Nothing in this email shall bind the Company in any contract or obligation, unless we have specifically agreed to be bound.
> 
> Sent from my iPad
> 
> On 20 Sep 2010, at 15:55, Matthew Reeves-Hairs <matthew.reeves-hairs at willowict.com> wrote:
> 
>> Hugh,
>> Can you say if you will be adopting the newer standard as published on the oath web site?
>> 
>> Regards
>> 
>> 
>> On 20 Sep 2010, at 09:22, Hugh Irvine <hugh at open.com.au> wrote:
>> 
>>> 
>>> Hello Matthew -
>>> 
>>> The current implementation conforms to draft-mraihi-totp-timebased-06.txt, 
>>> which has nothing to say about replay attacks (though perhaps it should).
>>> 
>>> regards
>>> 
>>> Hugh
>>> 
>>> 
>>> On 18 Sep 2010, at 23:12, Matthew Reeves-Hairs wrote:
>>> 
>>>> Hi,
>>>> I have noticed that with TOTP, even with the TimeStep set to 0, it is still possible to use the same otp more than once. Is this correct?
>>>> 
>>>> Most time based OTP systems I've used reject the otp if it has already been used and you have to wait for the next time window.
>>>> 
>>>> Hugh, can you comment on this?
>>>> 
>>>> Regards
>>>> 
>>>> 
>>>> _______________________________________________
>>>> radiator mailing list
>>>> radiator at open.com.au
>>>> http://www.open.com.au/mailman/listinfo/radiator
>>> 
>>> 
>>> 
>>> NB: 
>>> 
>>> Have you read the reference manual ("doc/ref.html")?
>>> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
>>> Have you had a quick look on Google (www.google.com)?
>>> Have you included a copy of your configuration file (no secrets), 
>>> together with a trace 4 debug showing what is happening?
>>> 
>>> -- 
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>> Includes support for reliable RADIUS transport (RadSec),
>>> and DIAMETER translation agent.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database independence.
>>> -
>>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>> 
>>> 
>>> 



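The behaviour Matthew describes (a server that refuses an OTP already consumed in the current window) is the usual way verifiers close the TOTP replay gap. The example below is added here to illustrate it; it is not Radiator code and not from anyone in this thread. It implements HOTP/TOTP with HMAC-SHA1 exactly as the RFC text specifies and adds a per-user "highest accepted counter" record so that a code, once accepted, is rejected on every later attempt until the clock moves to a newer time step. The user name `alice`, the in-memory dict holding per-user state, and the demo seed (the well-known test seed from the TOTP specification's test vectors, not a real credential) are all assumptions of this example.

```python
"""RFC 6238 TOTP verifier with a last-accepted-counter replay guard (added example)."""
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """TOTP: HOTP with the counter derived from Unix time (T0 = 0)."""
    return hotp(secret, at // step, digits)


class TotpVerifier:
    """Accepts each TOTP at most once by remembering the highest counter consumed per user.

    The per-user state is an in-memory dict here (an assumption of this example);
    a real server would persist it so the guard survives restarts and is shared
    across every node that can authenticate the user.
    """

    def __init__(self, step: int = 30, digits: int = 6, window: int = 1):
        self.step = step
        self.digits = digits
        self.window = window            # time steps of clock drift tolerated each side
        self._last_counter = {}         # user -> highest counter already consumed

    def verify(self, user: str, secret: bytes, code: str, now=None) -> bool:
        now = int(time.time()) if now is None else now
        current = now // self.step
        last = self._last_counter.get(user, -1)
        accepted = None
        for counter in range(current - self.window, current + self.window + 1):
            if counter <= last:
                # Replay guard: this step (or an older one) has already been consumed.
                continue
            candidate = hotp(secret, counter, self.digits)
            # Constant-time comparison of the candidate against the submitted code.
            if hmac.compare_digest(candidate.encode(), code.encode()):
                accepted = counter
        if accepted is None:
            return False
        self._last_counter[user] = accepted   # consume this step; later reuse is refused
        return True


if __name__ == "__main__":
    # Constructed demo values: the RFC test seed and a fixed timestamp, not live credentials.
    seed = b"12345678901234567890"
    verifier = TotpVerifier(digits=8)
    code = totp(seed, 1234567890, digits=8)
    print(verifier.verify("alice", seed, code, now=1234567890))   # True: first use
    print(verifier.verify("alice", seed, code, now=1234567900))   # False: replay in same step
    print(verifier.verify("alice", seed, totp(seed, 1234567920, digits=8), now=1234567920))  # True: next step
```

With `window=1` the verifier also accepts the neighbouring steps to absorb clock drift, which is why the guard stores the counter that actually matched rather than the server's current step: a code from the previous step is only usable until any later step has been consumed. Setting the tolerated step to zero without such a record does not prevent reuse inside the window, which matches what Matthew observed.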




