How do OTP tokens work?



If this is off-topic here, please direct me to the 'right' group.

I just got a VeriSign Secure Key from PayPal, which is a one time
password (OTP) token used for two factor authentication (TFA). The
PayPal Secure Key is a sequence-based token. Here's how I think it
works:

Although it displays six digits, I don't think it generates six digit
pseudo-random numbers. Rather, I think the six digits are made-up of
two components. The first component is the next number in the pseudo-
random sequence and the other is an encoding of the button-press.
Given the server 'knows' where in the pseudo-random sequence the key
began and how many key-presses (sequences) there have been, it 'knows'
where the key is in the sequence.

Does anyone know if I'm right about this?

There are also time-based OTP tokens. My nephew uses one at his work
place and I can't figure out how they are kept synchronized with the
login server.

If I suppose time-based tokens had perfect clocks; then given the
server
knows both where (in the pseudo-random sequence) and precisely when
(in
real time) the device was started; it would always 'know' exactly
where
the token is in the sequence. Simple.

But the clocks _can't_ be that precise. I will assume a drift of a
few
seconds in three years and that would produce unacceptable login
failure
rates.

Does anyone know how time-based tokens work?
.



Relevant Pages

  • How do OTP tokens work?
    ... PayPal Secure Key is a sequence-based token. ... Given the server 'knows' where in the pseudo-random sequence the key ... There are also time-based OTP tokens. ... If I suppose time-based tokens had perfect clocks; ...
    (comp.security.unix)
  • Re: How do OTP tokens work?
    ... I just got a VeriSign Secure Key from PayPal, which is aone timepasswordtoken used for two factor authentication. ... Given the server 'knows' where in the pseudo-random sequence the key ... There are also time-based OTP tokens. ... To account for clock drift, if the user submits a bad OTP, ...
    (comp.security.unix)
  • Re: Universal grammar
    ... Working math also consists much of human cognitive ... Some aspects of truth exist, but not all which people want. ... question might be--does there exist a sequence of tokens which is ...
    (sci.lang)
  • Re: What does xii.tex do?
    ... fil -> here that means sequence of messages ... What we have to do is to expand all the macros. ... sequence of D tokens, a space, a sequence ofE tokens, a comma, and a ... execute A B C E \D. ...
    (comp.text.tex)
  • Re: How do OTP tokens work?
    ... PayPal Secure Key is a sequence-based token. ... Given the server 'knows' where in the pseudo-random sequence the key ... It's clock is on it's own. ...
    (comp.security.unix)