otplib API Documentation / @otplib/core / utils / MAX_WINDOW
Variable: MAX_WINDOW
constMAX_WINDOW:99=99
Defined in: packages/core/src/utils.ts:95
Maximum verification window size
Limits the number of HMAC computations during verification to prevent DoS attacks. A window of 99 means up to 99 HMAC computations (total checks including current counter). Odd number to cater for equal distribution of time drift + current.
For TOTP: window=1 is typically sufficient (allows +-30 seconds clock drift) For HOTP: window=10-50 handles reasonable counter desynchronization