How is synchronization of counter values achieved in the HOTP protocol? As I und

Question

How is synchronization of counter values achieved in the HOTP protocol?

As I understand it, the server increments its counter value only if a match (of the OTP value) is found. What happens at client side?

Suppose server verifies 50 successful attempts from client which implies counter value at server is 50. What if a fresh request comes from a different client with counter value 0? The server could only check for counter values 50,51,52 if window size is 3,or 50-100 if window size is 50. In both the cases there will be no match as client side counter value is 0.

Explanation / Answer

There is no "fresh client" with HOTP. The whole counter business is based on the idea that there is a single client, who maintains his counter which is more-or-less synchronized with the server counter. The synchronization window is just a way to cope with small unsynchronization events which come from realistic situations (e.g. your 3-year-old played with your car keys and pushed the "unlock button" a few dozen times).

If you want several clients, each client has his own counter, and the server must maintain one counter per client.

Related Questions

Navigate

• Browse (All)
• Browse H
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.