This one is a good link which describes all otps and which clients supports which spec.<div><br></div><div><a href="http://www.clavid.com/index.php?option=com_content&task=view&id=124&Itemid=157">http://www.clavid.com/index.php?option=com_content&task=view&id=124&Itemid=157</a> <br>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">2012/12/18 Daniel Manzke <span dir="ltr"><<a href="mailto:daniel.manzke@googlemail.com" target="_blank">daniel.manzke@googlemail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I don't think that there is a official RFC. (I don't know one)<div><br></div><div>But: MOTP is used/supported by a lot of openid vendors and security companies like CA. </div><div><br></div><div>In our company we are using it with RADIUS server for VPN access. There are about 40 implementations.</div>
<div><br></div><div>We are preferring MOTP because it supports another level of security. With TOTP you have to share a secret. This secret will be shared with the help of a link or qrcode. This can be catched by a man in the middle attack.</div>
<div>In MOTP you also have a pin, which is used for token generation. </div><div><br></div><div><a href="http://motp.sourceforge.net/" target="_blank">http://motp.sourceforge.net/</a> <br></div><div><br></div><div><br></div>
<div>Bye,</div>
<div>Daniel</div><div class="gmail_extra"><div><div class="h5"><br><br><div class="gmail_quote">2012/12/18 Douglas Campos <span dir="ltr"><<a href="mailto:qmx@qmx.me" target="_blank">qmx@qmx.me</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><br>
On Dec 16, 2012, at 8:27 PM, Daniel Manzke wrote:<br>
<br>
> Hey guys,<br>
><br>
> after 140 chars were not enough for matthias and bruno I decided to subscribe to the list. ;)<br>
><br>
> 1:<br>
> After working through aerogear-otp-java I took some hours to port it .NET. If you are interested I would like to contribute it after cleanup.<br>
><br>
> Are you interested? :)<br>
><br>
> 2:<br>
> Due to the fact that we are using Mobile-OTP in hour company I also took some time and have implemented it.<br>
> PoC is working.<br>
> Pull-Request will be submitted if ready.<br>
</div>What is the RFC for it? My quick search revealed nothing… is this non-standard?<br>
<div><br>
><br>
><br>
> Question: I saw that the Clock-Implementation is returning a static value for current time. So the token will be the same every time we call Totp.now().<br>
> Is it really what developers are expecting?<br>
> If I call now, I expect the time it was called not created. :)<br>
><br>
> Why not just use System.currentMilliSeconds()? It is UTC. ;)<br>
><br>
><br>
> Bye,<br>
> Daniel<br>
</div><div>> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
<br>
</div>-- qmx<br>
<div><div><br>
<br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div></div></div><div class="im">-- <br>Viele Grüße/Best Regards<br><br>Daniel Manzke<br>
</div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Viele Grüße/Best Regards<br><br>Daniel Manzke<br>
</div>