starred/google2fa
1
0
Fork 0
mirror of https://github.com/antonioribeiro/google2fa.git synced 2026-04-26 00:25:52 +03:00
Code Issues 19 Projects Releases 3 Packages Wiki Activity

[GH-ISSUE #23] [Q] keyRegeneration period and window (key) #246

New issue
Closed
opened 2026-03-01 17:48:36 +03:00 by kerem · 3 comments
kerem commented 2026-03-01 17:48:36 +03:00
Owner
Copy link

Originally created by @sokai on GitHub (Jan 25, 2016).
Original GitHub issue: https://github.com/antonioribeiro/google2fa/issues/23

Hi there! Yesterday I played a bit with G2FA and now have a question. (I don't know another place to ask and I know that the original code was made by a Phil …)

Background of my understanding

G2FA generates (default) every 30 secs (= keyRegeneration) a new OTP with a valid. time/period from now (= timeStamp) up to now + 4x30 secs (now is rounded down to the last 30st second).

Example one

now: 11:03:54
valid from: 11:03:30
valid up to: 11:05:30

Example two

now: 11:03:15
valid from: 11:03:00
valid up to: 11:05:00

Questions

Examples

With the above examples my expected valid up to-time is not true. My OTPs always are 30 secs longer valid.

example one = up to 11:06:00
example two = up to 11:05:30

→ So I'm missing something or is my understanding wrong?

My scenario

Is a scenario where OTPs are generated every second and are valid for 20 secs realisable/feasible. And if yes, how can I do it?

Tanks a lot for your help and best regards!

Originally created by @sokai on GitHub (Jan 25, 2016). Original GitHub issue: https://github.com/antonioribeiro/google2fa/issues/23 Hi there! Yesterday I played a bit with G2FA and now have a question. (I don't know another place to ask and I know that the original code was made by a Phil …) ### Background of my understanding G2FA generates (default) every 30 secs (= `keyRegeneration`) a new OTP with a valid. time/period from now (= `timeStamp`) up to `now + 4x30 secs` (`now` is rounded down to the last 30st second). #### Example one ``` now: 11:03:54 valid from: 11:03:30 valid up to: 11:05:30 ``` #### Example two ``` now: 11:03:15 valid from: 11:03:00 valid up to: 11:05:00 ``` ### Questions #### Examples With the above examples my expected `valid up to`-time is not true. My OTPs always are **30 secs longer valid**. ``` example one = up to 11:06:00 example two = up to 11:05:30 ``` → So I'm missing something or is my understanding wrong? #### My scenario Is a scenario where OTPs are generated **every second** and are **valid for 20 secs** realisable/feasible. And if yes, how can I do it? Tanks a lot for your help and best regards!
kerem closed this issue 2026-03-01 17:48:36 +03:00
kerem commented 2026-03-01 17:48:37 +03:00
Author
Owner
Copy link

@aik099 commented on GitHub (Mar 11, 2016):

The window concept is a way to compensate following:

  • time, how long it takes to submit your code back to server for checking (if you submit in last second code is valid, then without window check would fail)
  • if time on server is out of sync (a bit) with time on user's computer
<!-- gh-comment-id:195350738 --> @aik099 commented on GitHub (Mar 11, 2016): The window concept is a way to compensate following: - time, how long it takes to submit your code back to server for checking (if you submit in last second code is valid, then without window check would fail) - if time on server is out of sync (a bit) with time on user's computer
kerem commented 2026-03-01 17:48:37 +03:00
Author
Owner
Copy link

@antonioribeiro commented on GitHub (Jul 17, 2016):

30 seconds is the OTP general lifetime, if you change it on your end, you will not be able to use things like Google Authenticator. This is the first window.

There's a second window, to solve the problems pointed by @aik099: your OTP is valid 4 seconds before the 30s window starts and lasts 4 seconds after the window has ended.

<!-- gh-comment-id:233208432 --> @antonioribeiro commented on GitHub (Jul 17, 2016): 30 seconds is the OTP general lifetime, if you change it on your end, you will not be able to use things like Google Authenticator. This is the first window. There's a second window, to solve the problems pointed by @aik099: your OTP is valid 4 seconds before the 30s window starts and lasts 4 seconds after the window has ended.
kerem commented 2026-03-01 17:48:37 +03:00
Author
Owner
Copy link

@ghost commented on GitHub (Sep 15, 2016):

Using lifetime of 30 seconds is fine, because most apps (FreeOTP) use 30 seconds to show "valid graph". Using
$google2fa->verifyKey($key_from_user, $entered_key, 0)

will make the key only valid for 30 seconds, but keep in mind many companies use some kind of "offset" as mentioned above (time for submitting request etc.).

<!-- gh-comment-id:247433642 --> @ghost commented on GitHub (Sep 15, 2016): Using lifetime of 30 seconds is fine, because most apps (FreeOTP) use 30 seconds to show "valid graph". Using `$google2fa->verifyKey($key_from_user, $entered_key, 0)` will make the key only valid for 30 seconds, but keep in mind many companies use some kind of "offset" as mentioned above (time for submitting request etc.).
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
9.x
fix-coverage
bump-to-version-9
10.x
reformat-code
add-linting
reorder-imports
8.x
install-php-84
test-on-php84
github-actions
master
7.x
pspstan
revert-124-123-google2fa_fix
v9.0.0
v8.0.3
v8.0.2
v8.0.1
8.0.0
v7.0.0
v6.1.3
v6.1.0
v6.0.1
v6.0.0
v4.0.2
v4.0.1
v5.0.0
v4.0.0
v3.0.3
v3.0.2
v3.0.1
v3.0.0
v2.0.7
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.0.1
v1.0.0
v0.8.1
v0.8.0
v0.7.1
v0.7.0
v0.6.0
v0.5.0
v0.1.0
Labels
Clear labels   
bug

   
pull-request

Mirrored from GitHub Pull Request

No labels
bug
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/google2fa#246
No description provided.