multiOTP / multiotp

multiOTP open source strong two factor authentication PHP library, OATH certified, with TOTP, HOTP, Mobile-OTP, YubiKey, SMS, QRcode provisioning, etc.
http://www.multiOTP.net/
GNU Lesser General Public License v3.0

"multiotp user token" command takes 20s to complete on the client #156

Closed yankaiqian closed 1 year ago

yankaiqian commented 1 year ago

Server: multiOTP 5.9.5.1 on Linux, with PHP 7.3.25, nginx 1.18.0
Client: multiOTP credential provider 5.9.4.0 on Windows 10 22H2.

When I run the command "php multiotp.php username xxxxxx" on the server, I can see the results immediately. But when I run the command "multiotp.exe username xxxxxx" on the client, it takes 20 seconds to complete.

Here is the debug log (/var/log/multiotp/multiotp.log) from the server when I tested the token of user simba on the Windows client. May I know what happened during the 20 seconds (for example: 22:34:20 ~ 22:34:40)?

multiotp 5.9.5.1
Your script is running from /var/www/html/test/
2023-02-13 22:34:20 debug CredentialProviderRequest Info: Value for IsCredentialProviderRequest: 0 otpserver
2023-02-13 22:34:20 debug Server-Client Info: CheckUserExists server request for simba with challenge MOSH27e7573e7b78f972a9fd986ca125374e 0 otpserver
2023-02-13 22:34:20 debug Server-Client Info: CheckUserExists intermediate error code: 22 0 otpserver
2023-02-13 22:34:20 debug Server-Client Info: Server secret used for command CheckUserExists with error code result 22: ClientServerSecret 0 otpserver

multiotp 5.9.5.1
Your script is running from /var/www/html/test/
2023-02-13 22:34:20 debug CredentialProviderRequest Info: Value for IsCredentialProviderRequest: 0 otpserver
2023-02-13 22:34:20 debug Server-Client Info: ReadUserData server request for simba 0 otpserver
2023-02-13 22:34:20 debug Server-Client Info: *Server secret used for command ReadUserData with error code result 19: ClientServerSecret 0 otpserver

multiotp 5.9.5.1
Your script is running from /var/www/html/test/
2023-02-13 22:34:40 debug CredentialProviderRequest Info: Value for IsCredentialProviderRequest: 0 otpserver
2023-02-13 22:34:40 debug Server-Client Info: ReadUserData server request for simba 0 otpserver
2023-02-13 22:34:40 debug Server-Client Info: *Server secret used for command ReadUserData with error code result 19: ClientServerSecret 0 otpserver

multiotp 5.9.5.1
Your script is running from /var/www/html/test/
2023-02-13 22:34:40 debug CredentialProviderRequest Info: Value for IsCredentialProviderRequest: 0 otpserver
2023-02-13 22:34:40 debug Server-Client Info: CheckUserToken server request. 0 otpserver
2023-02-13 22:34:40 notice simba User OK: User simba successfully logged in with TOTP token 0 otpserver
2023-02-13 22:34:40 debug Server-Client Info: Cache level is set to 1 0 otpserver
2023-02-13 22:34:40 debug Server-Client Info: Server secret used for command CheckUserToken with error code result 0: ClientServerSecret 0 otpserver

If any other information is needed, please let me know. Thank you!

Update: I also tested the OTP authentication time when a user logs in to Windows; it takes about 6s (from the timestamp in multiotp.log). What is the process when we use the multiotp tool on the client? Why does the client multiotp tool take longer (20s) to test the token of a user?
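Added example, not part of the original post or of multiOTP's own code: a small Python script that extracts the "server request" entries from the log excerpt above and reports the gaps between consecutive requests, showing that the server log is silent for the 20 seconds between the two ReadUserData requests. The function names and the 5-second threshold are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Log entries copied from the post above, one entry per line.
SAMPLE_LOG = """\
multiotp 5.9.5.1
2023-02-13 22:34:20 debug Server-Client Info: CheckUserExists server request for simba with challenge MOSH27e7573e7b78f972a9fd986ca125374e 0 otpserver
2023-02-13 22:34:20 debug Server-Client Info: ReadUserData server request for simba 0 otpserver
2023-02-13 22:34:40 debug Server-Client Info: ReadUserData server request for simba 0 otpserver
2023-02-13 22:34:40 debug Server-Client Info: CheckUserToken server request. 0 otpserver
"""

ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\w+)\s+(.*)$")
COMMAND = re.compile(r"Info: (\w+) server request")

def parse(log_text):
    """Yield (timestamp, command) for each 'server request' entry."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # banner lines such as "multiotp 5.9.5.1" have no timestamp
        cmd = COMMAND.search(m.group(3))
        if cmd:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), cmd.group(1)

def find_stalls(log_text, threshold_s=5):
    """Return (gap_seconds, previous_command, next_command) for gaps >= threshold_s."""
    stalls = []
    prev = None
    for ts, cmd in parse(log_text):
        if prev is not None:
            gap = (ts - prev[0]).total_seconds()
            if gap >= threshold_s:
                stalls.append((gap, prev[1], cmd))
        prev = (ts, cmd)
    return stalls

if __name__ == "__main__":
    for gap, before, after in find_stalls(SAMPLE_LOG):
        print(f"{gap:.0f}s with no server request between {before} and {after}")
```

Each request in the excerpt is answered within the same second it arrives, so the gap falls between requests rather than inside one.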

yankaiqian commented 1 year ago

I found the new version (5.9.5.6) of multiOTP Credential Provider; I will try it and update here. https://download.multiotp.net/credential-provider/

Update: I don't know why, but here is how I solved this issue after comparing two config files on different PCs. Change the value of "anonymous_stat_last_update" in multiotp.ini on the client from "0" to "1676373643":

anonymous_stat_last_update=1676373643

Now it takes 1 second (or less than 1s) to do the OTP authentication using multiotp.exe on the client. It works with multiOTP credential provider v5.9.4.0 too.

I would appreciate it if anyone could explain why. I tried to search for "anonymous_stat_last_update" in the readme and wiki page, but found nothing.

yankaiqian commented 1 year ago

https://github.com/multiOTP/multiOTPCredentialProvider/issues/36 "anonymous_stat=0 will disable any statistics collection"