Too many OTP's got verified
ronvince opened this issue · comments
While using otplib, I have noticed that for a secret key there are so many different OTPs that are valid at a given point in time
Steps to reproduce the behavior:
- config options
  step=1
  window=300
  digits=4
- This will generate 1 OTP for a secret key per second; for a 300s window size there will be at most 300 OTPs valid.
- But when I tried, 550-600 are passed as valid
- By increasing step to 30, new OTPs are created every 30s, still 550-600 OTPs are valid
- These are for 4-digit OTPs
Isn't that correct?
From the documentation, window is "Tokens in the previous and future x-windows that should be considered valid."
So if you have a window with value 300, it should accept 300 previous OTPs.
I have tried window: 1 with step: 30.
When I enter the code, it fails when a new code shows in the app.
It should accept one past code.
Am I missing something?
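Added example, not part of the thread and not otplib's code: a self-contained RFC 4226/6238 TOTP in Node.js that counts how many distinct tokens a verifier accepts when `window` covers both previous and future steps, as the quoted documentation describes. It assumes HMAC-SHA1; the secret, the timestamp and all function names are constructed for illustration.

```javascript
const crypto = require('crypto');

// HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
// then dynamic truncation to `digits` decimal digits.
function hotp(secret, counter, digits) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, '0');
}

// Assumption: `window` is applied in both directions, so the verifier
// checks the current counter plus `window` previous and `window` future ones.
function acceptedCounters(epochSec, step, window) {
  const current = Math.floor(epochSec / step);
  const counters = [];
  for (let c = current - window; c <= current + window; c++) counters.push(c);
  return counters;
}

// Distinct token strings the verifier would accept at `epochSec`.
function distinctAcceptedTokens(secret, epochSec, { step, window, digits }) {
  const tokens = acceptedCounters(epochSec, step, window)
    .map((c) => hotp(secret, c, digits));
  return new Set(tokens);
}

// Expected distinct values after n uniform draws from a 10^digits space.
function expectedDistinct(n, digits) {
  const space = 10 ** digits;
  return space * (1 - Math.pow(1 - 1 / space, n));
}

// Constructed sample input: secret and timestamp are made up for the demo.
const SECRET = Buffer.from('constructed-demo-secret');
const NOW = 1700000000;
function report(step, window, digits) {
  const checked = acceptedCounters(NOW, step, window).length;
  const distinct = distinctAcceptedTokens(SECRET, NOW, { step, window, digits }).size;
  return { step, window, digits, checked, distinct,
           expected: Math.round(expectedDistinct(checked, digits)),
           blindGuessRate: distinct / 10 ** digits };
}

console.log(report(1, 300, 4));   // the issue's first configuration
console.log(report(30, 300, 4));  // step only changes how fast the set rotates
console.log(report(30, 1, 6));    // narrow window, 6 digits
```

Under that assumption 601 counters are checked regardless of `step`, and collisions in the 10,000-value 4-digit space leave roughly 583 distinct accepted tokens, which is the range reported in the issue.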