Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Too many OTP's got verified #555

Open
ronvince opened this issue Feb 24, 2021 · 2 comments
Open

Too many OTP's got verified #555

ronvince opened this issue Feb 24, 2021 · 2 comments

Comments

@ronvince
Copy link

While using otplib, I have noticed that for a secret key there are so many different OTP's that are valid at given point of time

Steps to reproduce the behavior:

  1. config options
    step=1
    window=300
    digits=4
  2. This will generate 1 otp for a secret key per second, for 300s window size there will be at most 300 otps valid.
  3. But when I tried 550-600 are passed as valid
  4. By increasing step to 30, new otp's are created every 30s, still 550-600 otp's are valid
  5. These are for 4 digit otp's
@suruaku
Copy link
Contributor

suruaku commented Mar 14, 2021

Isn't that correct?
From documentation window is "Tokens in the previous and future x-windows that should be considered valid. "
So if you have window with value 300 it should accept 300 previous otp's.

@ankursachdeva11
Copy link

I have tried window: 1 with step: 30.
when I enter the code, it fails when a new code show in the app.
It should accept one past code.
Am I missing something?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ankursachdeva11 @ronvince @suruaku