I don't think that there is a official RFC. (I don't know one)
But: MOTP is used/supported by a lot of openid vendors and security
companies like CA.
In our company we are using it with RADIUS server for VPN access. There are
about 40 implementations.
We are preferring MOTP because it supports another level of security. With
TOTP you have to share a secret. This secret will be shared with the help
of a link or qrcode. This can be catched by a man in the middle attack.
In MOTP you also have a pin, which is used for token generation.
http://motp.sourceforge.net/
Bye,
Daniel
2012/12/18 Douglas Campos <qmx(a)qmx.me>
On Dec 16, 2012, at 8:27 PM, Daniel Manzke wrote:
> Hey guys,
>
> after 140 chars were not enough for matthias and bruno I decided to
subscribe to the list. ;)
>
> 1:
> After working through aerogear-otp-java I took some hours to port it
.NET. If you are interested I would like to contribute it after cleanup.
>
> Are you interested? :)
>
> 2:
> Due to the fact that we are using Mobile-OTP in hour company I also took
some time and have implemented it.
> PoC is working.
> Pull-Request will be submitted if ready.
What is the RFC for it? My quick search revealed nothing… is this
non-standard?
>
>
> Question: I saw that the Clock-Implementation is returning a static
value for current time. So the token will be the same every time we call
Totp.now().
> Is it really what developers are expecting?
> If I call now, I expect the time it was called not created. :)
>
> Why not just use System.currentMilliSeconds()? It is UTC. ;)
>
>
> Bye,
> Daniel
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
-- qmx
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Viele Grüße/Best Regards
Daniel Manzke