empjustine / lwuitgauthj2me

Automatically exported from code.google.com/p/lwuitgauthj2me
0 stars 0 forks source link

TOTP updated relative to aplicaton startup at 30 second intervals #11

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
First and foremoset thanks for a very nice & useful app!

What steps will reproduce the problem?
1. start application at the end of keying period (e.g. xx:25 or xx:55)
2. 5 seconds later the TOTP should change, instead the app displays a wrong 
TOTP for the next 25 seconds

What is the expected output? What do you see instead?
New TOTP is expected from the begining of 30s period, the old TOTP is displayed.

What version of the product are you using? On what operating system?
Latest version on Nokia C2-01

Please provide any additional information below.
The problem is the updateKeysTask timer set to 30 seconds instead of 1 second: 
http://code.google.com/p/lwuitgauthj2me/source/browse/src/userclasses/AccountMan
ager.java#38

The bug probably went undetected because Google is using loose TOTP window on 
their side. Google Authenticator can be used as a PAM module for authenticating 
to Linux systems and the TOTP window requirements can be set more strictly. 
This subtle bug makes the application useles for such strict auth. Please 
correct as soon as is convenient.

Also, I have a feature suggestion/request: a countdown display would be really, 
really useful!

Original issue reported on code.google.com by juraj.br...@gmail.com on 22 Oct 2012 at 12:59

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago

Original comment by Rafael.B...@gmail.com on 22 Oct 2012 at 8:46

GoogleCodeExporter commented 8 years ago
Indeed there is a bug. Like you suggested it was until now not detected due to 
the loose TOTP implementation by Google. I think I fixed it in Revison 
71809ec01e0e . Please try the following files and confirm the fix.

Original comment by Rafael.B...@gmail.com on 22 Oct 2012 at 8:49

Attachments:

GoogleCodeExporter commented 8 years ago
Thanks for a lightning-fast response! "works for me" (tm) :)

Looked at the diffs - like the way you fixed it.

HC

Original comment by juraj.br...@gmail.com on 23 Oct 2012 at 7:28

GoogleCodeExporter commented 8 years ago
You are welcome. 
Concerning your feature request of a countdown display I added a visual 
notification by fading out the padlock icon during the last 10 seconds before a 
new key. On my phone this looks nice and intuitive without taking any extra 
space. I'm just not sure if the last 10 seconds are enough. What's your opinion?

Original comment by Rafael.B...@gmail.com on 23 Oct 2012 at 8:12

Attachments:

GoogleCodeExporter commented 8 years ago

Original comment by Rafael.B...@gmail.com on 7 Dec 2012 at 12:18