Re: [OATH-Toolkit-help] OATH token time drift / synchronisation turnaround

[Andrew McGlashan]

Hi,

Try again, with quicker and better way to get server's time.

On 6/06/2013 9:21 PM, Simon Josefsson wrote:
> Ilkka Virta <address@hidden> writes:
> 
>>> And there is also time zone confusion
>>> to take into account as another source of clock differences.
>>
>> It's all in UTC, so there shouldn't be any time zone confusion, unless
>> somebody is doing something really wrong, right?
> 
> Right.  I'm guessing it isn't completely uncommon if you have a wide
> variety of devices generating TOTPs (PCs, tablets, cell phones, etc).

I've got another idea.....


This will get the date/time from a server, Google in this instance:

curl -D- http://google.com 2>/dev/null| \
        grep ^Date|sed 's/^Date: //'|tr -d '\r\n'


I've used that to sync TOTP generation with oathtool on Debian Wheezy
like this:


#!/bin/bash

SECRET=my_base32_secret
SERVER_URL=http://google.com

while :
do
        NOW=$(curl -D- $SERVER_URL 2>/dev/null| \
                grep ^Date|sed 's/^Date: //'|tr -d '\r\n')
        echo "$NOW -- $(date) -- $( \
                /usr/bin/oathtool --totp -b -d 6 \
                        --now="$NOW" $SECRET \
        )"
        sleep 1
done



It's a bit kludgy, but it gives you an idea as to how we might add in
server specific results -- making sure to use THEIR time ... so the
result is always virtually in sync with the target server that the TOTP
will be used with.

Perhaps a parameter for the host to check time from.

What do you think?

Cheers

-- 
Kind Regards
AndrewM