Hi, On 6/06/2013 9:21 PM, Simon Josefsson wrote: > Ilkka Virta <[email protected]> writes: > >>> And there is also time zone confusion >>> to take into account as another source of clock differences. >> >> It's all in UTC, so there shouldn't be any time zone confusion, unless >> somebody is doing something really wrong, right? > > Right. I'm guessing it isn't completely uncommon if you have a wide > variety of devices generating TOTPs (PCs, tablets, cell phones, etc).
I've got another idea..... This will get the date/time from a server, Google in this instance: wget --server-response http://google.com -O /dev/null 2>&1|grep ^\ \ Date|tail -1|sed 's/^ Date: //'|tr -d '\n' I've used that to sync TOTP generation with oathtool on Debian Wheezy like this: #!/bin/bash SECRET=my_base32_secret SERVER_URL=http://google.com while : do NOW=$( \ wget --server-response $SERVER_URL \ -O /dev/null 2>&1| \ grep ^\ \ Date|tail -1| \ sed 's/^ Date: //'|tr -d '\n' \ ) echo "$NOW -- $(date) -- $( \ /usr/bin/oathtool --totp -b -d 6 \ --now="$NOW" $SECRET \ )" sleep 1 done It's a bit kludgy, but it gives you an idea as to how we might add in server specific results -- making sure to use THEIR time ... so the result is always virtually in sync with the target server that the TOTP will be used with. Perhaps a parameter for the host to check time from. What do you think? Cheers -- Kind Regards AndrewM
