notp icon indicating copy to clipboard operation
notp copied to clipboard

Published 20 hours ago verified publisher icon guyht

100 clock skew is too huge

Open homakov opened this issue 10 years ago • 4 comments

https://twitter.com/homakov/status/658318926888239104 much easier to bruteforce

homakov avatar Oct 25 '15 16:10 homakov

hey @guyht , could you please take a look at this PR? It addresses a valid issue but never gotten merged in.

naz avatar Sep 22 '16 12:09 naz

Apologies. I'll go through the backlog this weekend.

On Thu, Sep 22, 2016, 20:45 Nazar Gargol [email protected] wrote:

hey @guyht https://github.com/guyht , could you please take a look at this PR? It addresses a valid issue but never gotten merged in.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/guyht/notp/pull/36#issuecomment-248893364, or mute the thread https://github.com/notifications/unsubscribe-auth/AAXgQ4Qze92RGlPGs6MMVbXwfF4pxLEdks5qsnhpgaJpZM4GVO8e .

guyht avatar Sep 23 '16 00:09 guyht

@gargol @homakov any reason we pick 3? Fully on board that 100 is too many, but 6 is a pretty small window. Are there any comparisons we can draw to other libraries for what is standard?

guyht avatar Sep 23 '16 02:09 guyht

There's no clock skeq requirement so 3 is rather a standard. Check sakurity.com/otp to see how bad it gets with 100.

homakov avatar Sep 23 '16 15:09 homakov