Invalid OTP generated when interval is not set to 30

pyauth / pyotp

Python One-Time Password Library

https://pyauth.github.io/pyotp/

Other

2.98k stars 324 forks source link

Invalid OTP generated when interval is not set to 30 #68

Closed ribbonhood closed 6 years ago

ribbonhood commented 6 years ago

When the interval argument is not set to 30 when calling pyotp.TOTP(), it appears that any OTP's generated are false when you try to verify them

ribbonhood commented 6 years ago

Turns out it works if both the generator and verifier are initialised with the same interval.

tilkinsc commented 6 years ago

True. This is what I call time blocks. If you take the time in seconds and you % 30 to it, it now will only add one to the result every 30 seconds. Pyotp and my OTP libraries in various other languages all do this for TOTP, as its the standard.

time = gettimeasseconds()
print(time) -> 100,000
print(time % 30) -> 3,333
wait(30)
time = gettimeasseconds()
print(time) -> 100,030
print(time % 30) -> 3,334