OTP works at start then no

franz_rj_strebel · February 17, 2021, 8:47pm

Hello,
I’m using a Nitrokey Pro with the official AppImage on Slackware Linux. My mobile has an authenticator app with the same TOTP configurations as the Nitrokey.

At the start, I can see that the Nitrokey gives me the same codes as my authenticator app. But as the day goes on, it somehow gets out of sync and the only way to get it working again is to close the app, and start it up once more.

The mobile’s clock is synced to the network and my computer’s to the NTP pool. At worst, I’ve seen a two second difference between them. Any ideas what could be going on?

Kind regards,
Franz STREBEL

szszszsz · February 18, 2021, 8:32am

Hello!

There is a possibility that Nitrokey’s Pro internal clock drifts too much over the time (caused by time flow approximation, as no real time clock is available on the used chip). The time is set on the device just before the very first TOTP in the given Nitrokey App session, which is not enough in your use case.
I will register this as a bug, and ask for setting the time on each TOTP request.

Details: https://github.com/Nitrokey/nitrokey-app/blob/master/src/ui/mainwindow.cpp#L1470

Edit: registered as NitrokeyApp#467