[16877] in Kerberos_V5_Development
Re: Authdata, preauth plugin headers
daemon@ATHENA.MIT.EDU (Cornelius Kölbel)
Mon Jun 13 13:06:15 2011
Message-ID: <4DF6437B.1090100@lsexperts.de>
Date: Mon, 13 Jun 2011 19:06:03 +0200
From: Cornelius Kölbel <cornelius.koelbel@lsexperts.de>
To: krbdev@mit.edu
In-Reply-To: <87fwndk8bf.fsf@windlord.stanford.edu>
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)

This depends on the OTP backend.
A time-based OTP value is valid during a time window of usually 30 or 60
seconds.
The backend can store the last used time-based counter.
Thus a decent backend of course invalidates the OTP value from this
window once it has been used,
i.e. the user cannot authenticate within the next 29 seconds.

Kind regards
Cornelius

On 13.06.2011 18:25, Russ Allbery wrote:
> Linus Nordberg <linus@nordu.net> writes:
>
>> What kind of OTP systems are vulnerable to replay attacks?
> TOTP is, isn't it? Time-based OTP doesn't, so far as I understand it,
> store a sequence number, so there isn't a non-time way of invalidating
> used codes.
>
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev