| Yubico Forum https://forum.yubico.com/ |
|
| Timestamp starts not at 0 https://forum.yubico.com/viewtopic.php?f=5&t=301 |
Page 1 of 1 |
| Author: | Andreas M. [ Thu Mar 26, 2009 6:28 pm ] |
| Post subject: | Timestamp starts not at 0 |
Hi all, I have a reprogrammed yubikey. All is fine, but... In the documentation under http://wiki.yubico.com/wiki/index.php/Yubikey stands: The timecode starts at 1 once the Yubikey is powered. It is incremented by an 8 Hz internal clock and counts from 1 to 16,777,216 which gives it a runtime of 24.27 days. When it reaches its limit, the session is terminated and no more OTPs can be generated. Ok! Not mine... Yubikey in, button pressed, decoded: byte 10: 105 byte 09: 190 byte 08: 170 Once again, yubikey out, drink some coffee, yubikey in, press the button, decode: byte 10: 248 byte 09: 196 byte 08: 99 All other is Ok. SessionCounter, TokenCounter, CRC. In the second example, the time would be (248 * 65535 + 196 * 256 + 99) \ 8 Hz = 2037869,375 seconds = 23,58 days. So I have 24,27 - 23,58 = 0,69 days left, before the Yubikey stops generating keys. If I let the Yubikey in and press it some times, the time difference between the pushes is correct. Did I miss something? Andreas |
|
| Author: | Simon [ Fri Mar 27, 2009 10:26 am ] |
| Post subject: | Re: Timestamp starts not at 0 |
This was changed after comments made here on the forum actually! The timestamp now start at a random position. There is no need for it to start at 0 (or 1), the sever needs to store the values and compute the difference between two OTPs anyway. I'm not sure the wiki page is correct anyway, I thought the timestamp wrapped around and just continued. There isn't a problem with that as long as the ctr/use counters are incremented properly. /Simon |
|
| Author: | rpimonitrbtch [ Mon Mar 30, 2009 9:17 pm ] |
| Post subject: | Re: Timestamp starts not at 0 |
Was actually suspecting this to be the case... So, if the timestamp is no longer a limiting factor per-session, does the use counter then become the limiting factor? I'd assume so, as there has to be something to ensure that the OTP's are indeed ONE TIME, right? |
|
| Author: | Jakob [ Mon Apr 06, 2009 12:16 am ] |
| Post subject: | Re: Timestamp starts not at 0 |
The timestamp is not needed to verify the OTP although it certainly can add an extra level of security. Each OTP is guaranteed to be unique by the means of the usage counter and the session counter. If the session counter wraps, the usage counter is automatically incremented. Regards, JakobE Hardware- and firmware guy @ Yubico |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|