From 34e3ee28c018e4e9a93cc81a2d6898a56c64f3e3 Mon Sep 17 00:00:00 2001
From: Egor Homakov
Date: Sun, 25 Oct 2015 19:28:34 +0300
Subject: [PATCH] 100 clock skew is too huge https://twitter.com/homakov/status/658318926888239104 much easier to bruteforce
---
 index.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/index.js b/index.js
index 3052c5e..f795d68 100644
--- a/index.js
+++ b/index.js
@@ -101,7 +101,7 @@ hotp.gen = function(key, opt) {
  * E.g. if W = 100, and C = 5, this function will check the passcode
  * against all One Time Passcodes between 5 and 105.
  *
- * Default - 50
+ * Default - 3
  *
  * counter - Counter value. This should be stored by the application, must
  * be user specific, and be incremented for each request.
@@ -109,7 +109,7 @@ hotp.gen = function(key, opt) {
  */
 hotp.verify = function(token, key, opt) {
   opt = opt || {};
-  var window = opt.window || 50;
+  var window = opt.window || 3;
   var counter = opt.counter || 0;
 
   // Now loop through from C to C + W to determine if there is
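Review bot: The worked example two lines above the changed `Default - 3` line still illustrates the parameter with `W = 100` and a 100-code acceptance range, so the doc now shows a window ten times wider than the default the commit just declared too easy to guess, and a reader copying the example will re-widen it. I would rewrite the example to match the new default, e.g. `* E.g. if W = 3, and C = 5, this function will check the passcode` / `* against all One Time Passcodes between 5 and 8.`, and add one sentence next to the default stating that every extra code in the window is one more token a guesser can hit per attempt, which is the reason for keeping it small. The comment block this hunk edits starts outside the hunk.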
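Review bot: `var window = opt.window || 3;` keeps the falsy-default bug of the line it replaces: a caller who passes `window: 0` to demand an exact counter match silently gets the 3-code window, because `0 || 3` is `3`. Since this line is being touched anyway, use an explicit nullish check that the file's ES5 style allows, `var window = opt.window == null ? 3 : opt.window;`, so only an omitted option falls back to the default. Nothing in this hunk limits how often `hotp.verify` may be called, so the narrower window only reduces exposure for callers that also throttle or lock out repeated verification attempts; that responsibility is worth stating in the doc comment of the first hunk. The body of `hotp.verify` continues past the end of the hunk.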