Re: [RADIATOR] Time Drifting totp Tokens

Tue, 16 Nov 2010 13:56:20 -0800 

Hi Steffen,

Thanks for the patch. It is now in the latest patch  set.

Cheers.

On Wednesday 17 November 2010 07:29:51 am Steffen Weinreich wrote:
>  Hi!
>
> I have found one of my Feilian c200 Token which has been drifted into
> the future. At the moment its is about 40 sec in the future and
> therefore a fresh entered PIN could be rejected since from the POV of
> the Radius Server the Token is not yet valid.
>
> For now I have changed AuthSQLTOTP.pm to take also a look into the
> future for the Token Code, but if the token continue to drift away from
> the "right" time, it could be nessessary to add some code to deal with
> time drifting....
>
> The same also happens with software tokens with a incorrect time, but
> this is fixable by the user....
>
> Please find by Patch included below:
>
> cheerio
>    Steve
>
> --
> Wenn es Politikern die Sprache verschlägt, halten sie eine Rede.
>
>
> --- ../p1/Radius/AuthSQLTOTP.pm 2010-10-26 22:04:40.000000000 +0000
> +++ Radius/AuthSQLTOTP.pm       2010-11-16 17:23:53.000000000 +0000
> @@ -186,7 +186,7 @@
>      $Radius::TOTP::X = $self->{TimeStep};
>      $Radius::TOTP::T0 = $self->{TimeStepOrigin};
>      my $T;
> -    for ($delay_counter = 0; $delay_counter <= $self->{DelayWindow};
> $delay_counter++)
> +    for ($delay_counter = -$self->{DelayWindow}; $delay_counter <=
> $self->{DelayWindow}; $delay_counter++)
>      {
>         $T = Radius::TOTP::totp_timestep($recv_time, $delay_counter);
>         my $totp = Radius::TOTP::totp_compute_sha1(pack('H*', $secret),
> $T, $digits);
>
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator



-- 
Mike McCauley                               [email protected]
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator

Reply via email to