Re: How do OTP tokens work?

On Mar 12, 12:15 pm, Unruh <unruh-s...@xxxxxxxxxxxxxx> wrote:
droid <jshowal...@xxxxxxxxx> writes:
If this is off-topic here, please direct me to the 'right' group.
I just got a VeriSign Secure Key from PayPal, which is a one time
password (OTP) token used for two factor authentication (TFA). The
PayPal Secure Key is a sequence-based token. Here's how I think it
Although it displays six digits, I don't think it generates six digit
pseudo-random numbers. Rather, I think the six digits are made-up of
two components. The first component is the next number in the pseudo-
random sequence and the other is an encoding of the button-press.
Given the server 'knows' where in the pseudo-random sequence the key
began and how many key-presses (sequences) there have been, it 'knows'
where the key is in the sequence.
Does anyone know if I'm right about this?

No idea, but I doubt it.

Sure they can. The international time standards define time to an accuracy
of about 1 sec in 1000000 years. And ntp or chrony will keep your clocks synchronized
to that that to better than a millisecond ( and a microsecond if you use a
PPS GPS receiver to sync your computer).

Huh? My nephew's time-based token is completely self contained - it
has no receiver.
It's clock is on it's own.