On device: If a TOTP is generated now, does it go until the final seconds or does it do it rounded off to the nearest 00?
For example, if I generate a TOTP at 22hr:30m:2s:33ms (checked in UTC) is it rounded off to 22hr:30m:0s:00ms and then generated?
I have this questions because, if I were to generate a TOTP at 22hr:30m:2s:33ms and if the server was to verify it at 22hr:30m:6s:40ms, wont the totp be different? Even if we use 3 steps of 30 seconds each, wont we be missing the 22hr:30m:2s:33ms stop?
I think I am missing the main point here.
Here is how it is rounded using Javascript
var time = leftpad(dec2hex(Math.floor(epoch / 30)), 16, '0');
So what you ask is answered this part ”Math.floor(epoch / 30)” , meaning that the OTP generated at 12:22:30, 12:22:37, 12:22:39 .... 12:22:59 is exactly the same