# TOTP

**Time-based One-Time Passwords (TOTP)** are commonly used for user authentication, but in remote attestation, they can serve as a lightweight mechanism to ensure freshness and prevent replay attacks.

Attestation technologies such as AMD SEV-SNP and Intel TDX offer hardware-based integrity and cryptographic identity, but they do not inherently prove the freshness of an attestation. By embedding a TOTP in the attestation payload, for example through a custom annotation, it becomes possible to confirm that the report was generated within a valid and recent time window.

During provisioning, the attester and verifier share a TOTP secret. The attester includes a current TOTP value in the attestation. The verifier then independently calculates the expected TOTP and accepts the report only if it matches.

This method offers a balance of simplicity and security: because the TOTP is embedded within the signed attestation and typically refreshes every 30 seconds, outdated reports become invalid. It eliminates the need for nonce-based freshness checks while still guarding effectively against replay attacks.

In practice, a confidential VM might include a TOTP token in its SEV-SNP attestation, allowing a verifier to confirm both the integrity and freshness of the attestation in a single step.
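The provisioning, attestation and verification steps described above, as an added Python example that is not part of the enclaive/Nitride documentation or code base. The TOTP computation follows RFC 6238 (HMAC-SHA1, 30-second step, 6 digits). The shared secret, the measurement value and the dictionary standing in for a SEV-SNP report are constructed placeholders, and the one-step clock-skew tolerance in the verifier is an assumption, not a documented Nitride setting:

```python
import hashlib
import hmac
import struct
import time

# Constructed shared secret for this example only. In a real deployment it is
# provisioned to both attester and verifier over a protected channel.
SHARED_SECRET = b"example-provisioned-totp-secret"
STEP_SECONDS = 30
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    then dynamic truncation to a zero-padded decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP over the current time step."""
    return hotp(secret, at_time // step)


def build_attestation(secret: bytes, measurement: str, at_time: int) -> dict:
    """Attester side (hypothetical stand-in for a SEV-SNP report).

    In a real confidential VM the TOTP would be placed in the report's
    custom annotation so that the hardware signature covers it; here the
    whole dictionary plays the role of the signed report."""
    return {
        "measurement": measurement,
        "annotation": {"totp": totp(secret, at_time)},
    }


def verify_freshness(secret: bytes, attestation: dict, now: int, window: int = 1) -> bool:
    """Verifier side: recompute the expected TOTP independently and accept the
    report only if it matches the current step or one step either side
    (assumed tolerance for clock skew between attester and verifier)."""
    presented = attestation["annotation"]["totp"]
    current_step = now // STEP_SECONDS
    for delta in range(-window, window + 1):
        expected = hotp(secret, current_step + delta)
        # Constant-time comparison to avoid leaking how many digits matched.
        if hmac.compare_digest(presented, expected):
            return True
    return False


if __name__ == "__main__":
    issued_at = int(time.time())
    report = build_attestation(SHARED_SECRET, "constructed-measurement", issued_at)
    print("fresh report accepted:", verify_freshness(SHARED_SECRET, report, issued_at))
    # A captured report presented several minutes later fails the check.
    print("replayed report accepted:", verify_freshness(SHARED_SECRET, report, issued_at + 300))
```

Note that the TOTP bounds replay to the width of the accepted time window (one step plus the skew tolerance) rather than eliminating it outright, and that attester and verifier clocks must agree to within that tolerance; a verifier that needs per-request uniqueness inside a single step still has to combine the TOTP with its own state or a nonce.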
