[aerogear-dev] OTP

Bruno Oliveira bruno at abstractj.org
Tue Mar 24 09:28:42 EDT 2015


Good morning Erik, I'm not against the implementation, but I have some
considerations.

As you might know, TOTP is short-lived, which means that it only applies
for a certain amount of time, while HOTP is long-lived, which means that
someone eavesdropping on the network could collect several HOTPs and reuse
them later.

Another thing to keep in mind is how to demo HOTP; at the moment we have
neither a server nor the bandwidth to implement one.

Whether to implement it or not is up to you, but I would like to make sure
that you're aware of the issues with HOTP.

On 2015-03-23, Erik Jan de Wit wrote:
> Hi,
>
> I was adding OTP support for Windows and that started to make me wonder if
> it would be nice to add HOTP as well as TOTP; for instance, our LinOTP server
> uses this. The only difference between the two is that HOTP uses a counter
> that is incremented and TOTP is time based. So it would be fairly easy to
> implement, and for instance on Windows there aren't any apps that support
> both.
>
> Wdyt?
>
> --
> Cheers,
>        Erik Jan



--

abstractj
PGP: 0x84DC9914
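
The counter-versus-time relationship and the code-lifetime difference discussed in this thread, as an added example that is not code from the thread or from AeroGear: HOTP (RFC 4226) and TOTP (RFC 6238) share one computation and differ only in the moving factor, and a counter-tracking verifier shows how long an HOTP value stays acceptable. `HotpVerifier` and `look_ahead` are hypothetical names, and `SECRET` is the public RFC 4226 test secret.

```python
import hashlib
import hmac
import struct

# Public test secret from RFC 4226 Appendix D (not a real key).
SECRET = b"12345678901234567890"

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the same computation, with the counter derived from the clock."""
    return hotp(secret, unix_time // step, digits)

class HotpVerifier:
    """Hypothetical server-side check: accept a code inside a small look-ahead
    window, then move the stored counter past it so it is never accepted twice."""

    def __init__(self, secret: bytes, counter: int = 0, look_ahead: int = 3):
        self.secret = secret
        self.counter = counter
        self.look_ahead = look_ahead

    def verify(self, code: str) -> bool:
        for candidate in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, candidate), code):
                self.counter = candidate + 1  # invalidates this and all earlier codes
                return True
        return False

if __name__ == "__main__":
    server = HotpVerifier(SECRET)
    unused = hotp(SECRET, 1)  # generated on the client but never submitted
    # An unused HOTP has no expiry: it is accepted whenever it first arrives.
    print("first use accepted:", server.verify(unused))
    # Once the counter has moved past it, the same value is rejected.
    print("second use accepted:", server.verify(unused))
    # A TOTP value changes by itself when the 30-second step rolls over.
    print("TOTP at t=59:", totp(SECRET, 59), "at t=89:", totp(SECRET, 89))
```
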

