how OTP token works?

[[email protected]]

Hi,
i don't understand how OTP token works. Form wikipedia, i read that an OTP password could be basend on:

* time based approach
* new password derived from previous one

For example if i consider VASCO digipass, it is based on an hardware token able to create one time passwords: i don't think it is based on time based approach because token and server should be syncronized. If it is based on a new password derived from previous one, if i accidentaly press token key button multiple times, how server can recognize the next password as a right password?
Thanks

 

[Jasen Betts]

Hi,
i don't understand how OTP token works. Form wikipedia, i read that
an OTP password could be basend on:

* time based approach
* new password derived from previous one

For example if i consider VASCO digipass, it is based on an hardware
token able to create one time passwords: i don't think it is based on
time based approach because token and server should be syncronized. If
it is based on a new password derived from previous one, if i
accidentaly press token key button multiple times, how server can
recognize the next password as a right password?

It knows how to generate passwords too. and hs a faster processor
it can trivially check the next 100 passwords to see if you've
skipped some

For time based tokens the server can estimate clock skew by which of
the passwords you use. (last minute's password, this minute's password,
next minute's password)

In both cases the server will accept multiple different passwords
and use your choice of password to update its knowledge of the state
os your OTP device.