tadeck / onetimepass

One-time password library for HMAC-based (HOTP) and time-based (TOTP) passwords
http://otp.readthedocs.org/
MIT License

Add the ability to specify a base time and a window for TOTP #13

Closed angelosarto closed 9 years ago

angelosarto commented 9 years ago

Extended the library to allow the time to be specified when requesting/verifying a TOTP time code - useful when trying to validate against a particular moment in the past/future and in testing clients. Also added a window parameter to TOTP verification - the window specifies how many intervals of tolerance to allow - a tolerance of 0 (the default) means the codes must fall in the same interval. The window extends in both directions - a window of 1 will have three valid codes: 1 interval behind, the current interval, and one interval ahead.

tadeck commented 9 years ago

@angelosarto commented:

Extended the library to allow the time to be specified when requesting/verifying a TOTP time code - useful when trying to validate against a particular moment in the past/future and in testing clients. Also added a window parameter to TOTP verification - the window specifies how many intervals of tolerance to allow - a tolerance of 0 (the default) means the codes must fall in the same interval. The window extends in both directions - a window of 1 will have three valid codes: 1 interval behind, the current interval, and one interval ahead.

Aside from failing tests and the comments I have on specific lines, I disagree about the semantics of window. I believe window is used not necessarily to accommodate "skewed time" (which may look like the possible intent in this pull request), but rather for the case when timers are synchronized properly, but the service (server/app) receives a token that the user entered a second ago, and that was valid at the time the user started sending it.

This just accommodates the delays in the user sending the data, not him predicting the future, so it should rather allow checking x windows in the past, but 0 windows in the future.

What do you think about that?

angelosarto commented 9 years ago

I made at least one additional mistake here -- I meant to do this pull against my fork - I was pretty sure it wasn't ready for inclusion.

Thank you for providing an awesome review. I will close this and work on this a bit more as this is nowhere near ready!

angelosarto commented 9 years ago

I think the intent of window was to cross over the feature found in liboath as found in the oath_totp_validate function which has a window parameter which functions in a similar way.
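Added example, not part of the pull request or of the onetimepass code base: a minimal TOTP verifier with an explicit time argument and separate `past`/`future` tolerances, so the symmetric window from the pull request description (`past=1, future=1`) can be compared with the past-only window proposed in the review (`past=1, future=0`). The function and parameter names are hypothetical; the secret and timestamps are the RFC 6238 Appendix B SHA-1 test values.

```python
import hashlib
import hmac
import struct

# RFC 6238 Appendix B test secret (SHA-1); not a real credential.
KEY = b"12345678901234567890"

def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(key, at, interval=30, digits=6):
    """TOTP for an explicit Unix time `at` instead of the wall clock."""
    return hotp(key, int(at) // interval, digits)

def verify_totp(token, key, at, interval=30, digits=6, past=0, future=0):
    """Return the matching interval offset (0 current, -1 previous, +1 next),
    or None. `past`/`future` are hypothetical parameters for this example."""
    counter = int(at) // interval
    match = None
    for off in range(-past, future + 1):
        if counter + off < 0:
            continue  # no interval exists before the epoch
        expected = hotp(key, counter + off, digits)
        # Constant-time comparison; keep looping so timing does not reveal the offset.
        if hmac.compare_digest(expected.encode(), str(token).encode()) and match is None:
            match = off
    return match

if __name__ == "__main__":
    sent, received = 1111111109, 1111111111  # 2 s apart, across an interval boundary
    token = totp(KEY, sent, digits=8)
    print("no window:      ", verify_totp(token, KEY, received, digits=8))
    print("past=1:         ", verify_totp(token, KEY, received, digits=8, past=1))
    early = totp(KEY, received, digits=8)  # code for the *next* interval, seen at `sent`
    print("past-only:      ", verify_totp(early, KEY, sent, digits=8, past=1))
    print("symmetric (+-1):", verify_totp(early, KEY, sent, digits=8, past=1, future=1))
```

Every additional accepted interval adds one more valid code at any moment: the symmetric window of 1 accepts three codes, the past-only window of 1 accepts two.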