guyht / notp

Node One Time Password library, supports HOTP, TOTP and works with Google Authenticator
https://github.com/guyht/notp
MIT License
687 stars, 66 forks

100 clock skew is too huge #36

Open homakov opened 9 years ago

homakov commented 9 years ago

https://twitter.com/homakov/status/658318926888239104 much easier to brute-force

naz commented 8 years ago

hey @guyht, could you please take a look at this PR? It addresses a valid issue but never got merged in.

guyht commented 8 years ago

Apologies. I'll go through the backlog this weekend.

On Thu, Sep 22, 2016, 20:45 Nazar Gargol notifications@github.com wrote:

hey @guyht https://github.com/guyht, could you please take a look at this PR? It addresses a valid issue but never got merged in.


guyht commented 8 years ago

@gargol @homakov any reason we picked 3? Fully on board that 100 is too many, but 6 is a pretty small window. Are there any comparisons we can draw to other libraries for what is standard?

homakov commented 8 years ago

There's no clock skew requirement, so 3 is rather a standard. Check sakurity.com/otp to see how bad it gets with 100.