otplib API Documentation / @otplib/core / MAX_WINDOW
Variable: MAX_WINDOW
constMAX_WINDOW:100=100
Defined in: packages/core/src/utils.ts:83
Maximum verification window size
Limits the number of HMAC computations during verification to prevent DoS attacks. A window of 100 means up to 201 HMAC computations ([-100, +100] range).
For TOTP: window=1 is typically sufficient (allows +-30 seconds clock drift) For HOTP: window=10-50 handles reasonable counter desynchronization