user3774630

Reputation: 266

one time password (OTP) expiry leeway

How does one set a leeway for a timed expiry that allows for a margin of error, for example 1 minute?

Currently this is my rough implementation. I must add another check for the last minute in case the server receives the message at 00:01:00 and the client sent it at 00:00:59:

/**Client**/
int minutesNow = timeInSeconds()/60;
String mySignature = genAlgo(minutesNow, firstPassword);
sendToServer(mySignature);

/**Server**/
int minutesNow = timeInSeconds()/60;
String userPassword = getUserPassword();
boolean result = verifySig(mySignature, userPassword, minutesNow);
if(!result)
{
   result = verifySig(mySignature, userPassword, --minutesNow);
}

This question is an elaboration of Password Reset Link Expiry ... I need more details on the time +/-

Upvotes: 1

Views: 2636

Answers (1)

Denis Shokotko

Reputation: 235

You just need to make several checks on the server side: for the current minute, the minute before and the minute after.

It would look something like this:

/**Server**/
int validationWindow = 1; // leeway in minutes on each side of "now"
int minutesNow = timeInSeconds()/60;
String userPassword = getUserPassword();

// Start at the earliest accepted minute and walk forward to the latest one
int timeToCheck = minutesNow - validationWindow;
boolean result = verifySig(mySignature, userPassword, timeToCheck);
while (!result && timeToCheck < minutesNow + validationWindow) {
    result = verifySig(mySignature, userPassword, ++timeToCheck);
}

Upvotes: 1
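The windowed server-side check described in the answer, as an added Python example (not the asker's or the answerer's code). It assumes genAlgo/verifySig are an HMAC over the minute counter and that the window is symmetric (one minute before and after); both are assumptions, not something the page states.

```python
import hashlib
import hmac

STEP_SECONDS = 60  # the question works in whole minutes


def gen_signature(secret: bytes, minute: int) -> str:
    """Stand-in for the page's genAlgo(): HMAC-SHA256 over the minute counter."""
    counter = minute.to_bytes(8, "big", signed=True)
    return hmac.new(secret, counter, hashlib.sha256).hexdigest()


def verify_sig(signature: str, secret: bytes, minute: int) -> bool:
    """Stand-in for verifySig(): recompute and compare in constant time."""
    return hmac.compare_digest(signature, gen_signature(secret, minute))


def verify_with_window(signature: str, secret: bytes, now_seconds: int,
                       window: int = 1):
    """Accept a signature made up to `window` minutes before or after now.

    Returns the offset (in minutes) of the accepted counter relative to the
    server clock, or None if no counter in the window matches.
    """
    minute_now = now_seconds // STEP_SECONDS
    for minute in range(minute_now - window, minute_now + window + 1):
        if verify_sig(signature, secret, minute):
            return minute - minute_now
    return None


# Constructed sample: a shared secret and a client clock near a minute boundary.
SECRET = b"constructed-demo-secret"


def demo():
    client_sig = gen_signature(SECRET, 59 // STEP_SECONDS)  # client at 00:00:59
    return {
        "same_minute": verify_with_window(client_sig, SECRET, 30),        # 00:00:30
        "next_minute": verify_with_window(client_sig, SECRET, 60),        # 00:01:00
        "two_minutes_late": verify_with_window(client_sig, SECRET, 120),  # 00:02:00
    }
```

Once a signature is accepted, record it (or the counter it matched) so the same value is rejected on a second submission inside the window.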
