[aerogear-dev] [OTP] Mobile-OTP / OTP for .NET

Daniel Manzke daniel.manzke at googlemail.com
Tue Dec 18 12:09:45 EST 2012 

I don't think that there is a official RFC. (I don't know one)

But: MOTP is used/supported by a lot of openid vendors and security
companies like CA.

In our company we are using it with RADIUS server for VPN access. There are
about 40 implementations.

We are preferring MOTP because it supports another level of security. With
TOTP you have to share a secret. This secret will be shared with the help
of a link or qrcode. This can be catched by a man in the middle attack.
In MOTP you also have a pin, which is used for token generation.

http://motp.sourceforge.net/


Bye,
Daniel


2012/12/18 Douglas Campos <qmx at qmx.me>

>
> On Dec 16, 2012, at 8:27 PM, Daniel Manzke wrote:
>
> > Hey guys,
> >
> > after 140 chars were not enough for matthias and bruno I decided to
> subscribe to the list. ;)
> >
> > 1:
> > After working through aerogear-otp-java I took some hours to port it
> .NET. If you are interested I would like to contribute it after cleanup.
> >
> > Are you interested? :)
> >
> > 2:
> > Due to the fact that we are using Mobile-OTP in hour company I also took
> some time and have implemented it.
> > PoC is working.
> > Pull-Request will be submitted if ready.
> What is the RFC for it? My quick search revealed nothing… is this
> non-standard?
>
> >
> >
> > Question: I saw that the Clock-Implementation is returning a static
> value for current time. So the token will be the same every time we call
> Totp.now().
> > Is it really what developers are expecting?
> > If I call now, I expect the time it was called not created. :)
> >
> > Why not just use System.currentMilliSeconds()? It is UTC. ;)
> >
> >
> > Bye,
> > Daniel
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
> -- qmx
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>



-- 
Viele Grüße/Best Regards

Daniel Manzke
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20121218/fa5f2552/attachment.html

More information about the aerogear-dev mailing list