[aerogear-dev] OTP
Erik Jan de Wit
edewit at redhat.com
Tue Mar 24 10:27:12 EDT 2015
Internally we make use of HOTP (via linotp) for our VPN, and it works
around the problem of the long-lived tokens by letting you use it only
once. The difference in implementation is not so great; it wouldn't take
long to build. In fact, I've already created a PR for the Java project.
https://github.com/aerogear/aerogear-otp-java/pull/16
On Tue, Mar 24, 2015 at 2:28 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
> Good morning Erik, I'm not against the implementation, but I have some
> considerations.
>
> As you might know, TOTP is short-lived, which means that they only apply
> for a certain amount of time, while HOTP is long-lived, which means that
> someone eavesdropping on the network could collect several HOTPs and reuse
> them later.
>
> Another thing to keep in mind is how to demo HOTP; at the moment we don't
> have a server nor the bandwidth to implement one.
>
> Whether to implement it or not is up to you, but I would like to make sure
> that you're aware of the issues with HOTP.
>
> On 2015-03-23, Erik Jan de Wit wrote:
> > Hi,
> >
> > I was adding OTP support for Windows, and that started to make me wonder
> > if it would be nice to add HOTP as well as TOTP; for instance, our linotp
> > server uses this. The only difference between the two is that HOTP uses a
> > counter that is incremented and TOTP is time based. So it would be fairly
> > easy to implement, and for instance on Windows there aren't any apps that
> > support both.
> >
> > Wdyt?
> >
> > --
> > Cheers,
> > Erik Jan
>
> --
>
> abstractj
> PGP: 0x84DC9914
--
Cheers,
Erik Jan