[aerogear-dev] [OTP] Mobile-OTP / OTP for .NET
Daniel Manzke
daniel.manzke at googlemail.com
Tue Dec 18 12:14:36 EST 2012
This one is a good link which describes all otps and which clients supports
which spec.
http://www.clavid.com/index.php?option=com_content&task=view&id=124&Itemid=157
2012/12/18 Daniel Manzke <daniel.manzke at googlemail.com>
> I don't think that there is a official RFC. (I don't know one)
>
> But: MOTP is used/supported by a lot of openid vendors and security
> companies like CA.
>
> In our company we are using it with RADIUS server for VPN access. There
> are about 40 implementations.
>
> We are preferring MOTP because it supports another level of security. With
> TOTP you have to share a secret. This secret will be shared with the help
> of a link or qrcode. This can be catched by a man in the middle attack.
> In MOTP you also have a pin, which is used for token generation.
>
> http://motp.sourceforge.net/
>
>
> Bye,
> Daniel
>
>
> 2012/12/18 Douglas Campos <qmx at qmx.me>
>
>>
>> On Dec 16, 2012, at 8:27 PM, Daniel Manzke wrote:
>>
>> > Hey guys,
>> >
>> > after 140 chars were not enough for matthias and bruno I decided to
>> subscribe to the list. ;)
>> >
>> > 1:
>> > After working through aerogear-otp-java I took some hours to port it
>> .NET. If you are interested I would like to contribute it after cleanup.
>> >
>> > Are you interested? :)
>> >
>> > 2:
>> > Due to the fact that we are using Mobile-OTP in hour company I also
>> took some time and have implemented it.
>> > PoC is working.
>> > Pull-Request will be submitted if ready.
>> What is the RFC for it? My quick search revealed nothing… is this
>> non-standard?
>>
>> >
>> >
>> > Question: I saw that the Clock-Implementation is returning a static
>> value for current time. So the token will be the same every time we call
>> Totp.now().
>> > Is it really what developers are expecting?
>> > If I call now, I expect the time it was called not created. :)
>> >
>> > Why not just use System.currentMilliSeconds()? It is UTC. ;)
>> >
>> >
>> > Bye,
>> > Daniel
>> > _______________________________________________
>> > aerogear-dev mailing list
>> > aerogear-dev at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>> -- qmx
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
>
> --
> Viele Grüße/Best Regards
>
> Daniel Manzke
>
--
Viele Grüße/Best Regards
Daniel Manzke
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20121218/be4c1321/attachment.html
More information about the aerogear-dev
mailing list