SN 1008: HOTP and TOTP - SyncThing, Auto-Updates, Sci-Fi Recs

Jan 15, 2025 · 2 hr 50 min · Ep. 1008

Episode description

  • Meta winds down 3rd-party content filtering. Is encryption soon to follow?
  • Taking over abandoned Command & Control server domains (strictly for research purposes only).
  • IoT devices to get the "Cyber Trust Mark" — Will anyone notice or care?
  • "SyncThing" receives a (blessedly infrequent) update.
  • Government email is not using encryption? Really?
  • Email relaying prevents point-to-point end-to-end encryption and authentication.
  • Just because Let's Encrypt doesn't support email doesn't mean it's impossible.
  • What Sci-Fi does ChatGPT think I (Steve) should start reading next?
  • To auto-update or not to auto-update? — is that one question or two?
  • And, until today, we've never taken a deep dive into the technology of time-varying 6-digit one time tokens.

Show Notes - https://www.grc.com/sn/SN-1008-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.

Transcript

HOTP Unveiled: The Surprising Design Choices Behind Two-Factor Authentication

Jan 17th 2025 by Benito Gonzalez

AI-created, human-edited.

In a recent episode of Security Now, hosts Steve Gibson and Leo Laporte dove deep into the fascinating world of two-factor authentication codes, sparked by an intriguing observation from a listener. The discussion revealed surprising insights about how these ubiquitous security codes are generated—and some questionable design choices in their implementation.

The episode began with a listener's observation that two-factor authentication codes seemed to contain more repeated digits than one would expect. This simple observation led to a comprehensive exploration of the TOTP (Time-based One-Time Password) and HOTP (HMAC-based One-Time Password) algorithms that generate these codes.

At their core, these authentication codes rely on two key standards:

  • TOTP (RFC 6238, 2011): Handles the time-based aspects
  • HOTP (RFC 4226, 2005): Generates the actual codes

The process begins with an HMAC (Hash-based Message Authentication Code) using SHA-1, which produces 160 bits of cryptographically secure pseudo-random data. This is where things get interesting—and according to Gibson, where the implementation takes an unexpected turn.

Gibson presented what he considered the mathematically elegant approach to generating six-digit codes: taking the entire 160-bit number and performing successive divisions by 10, using the remainders to generate truly random digits. This method would utilize all available entropy from the SHA-1 hash.

Instead, the standardized HOTP algorithm uses what Gibson somewhat critically termed a "kindergarten design":

  • Takes the last byte of the hash
  • Masks off the upper 4 bits, keeping the low 4 bits
  • Uses the remaining bits as an offset to select four bytes from the hash
  • Forces the result to be positive by clearing the highest bit
  • Reduces the result modulo one million (the remainder after dividing by 1,000,000) to get a six-digit code

Gibson and Laporte identified several issues with this approach:

  • It wastes most of the available entropy
  • The byte selection process is needlessly complex
  • The implementation suggests a fundamental misunderstanding of how cryptographic hashes work

Perhaps the most surprising revelation was that the complex byte selection process serves no cryptographic purpose. As Gibson explained, any four bytes from a cryptographically secure hash would be equally random—the designers could have simply used the first four bytes and achieved the same result with much simpler code.
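As an added example (not code from the episode, the show notes, or the summary above), the Python below implements the HOTP truncation steps listed earlier and the TOTP time counter, checks them against the RFC 4226 test key, and places the whole-hash "successive division by 10" alternative Gibson described beside the standard for comparison, along with a verifier-side check that tolerates one step of clock drift. The key is the RFC test vector; the timestamps, window size and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
import time

# Constructed sample key: the ASCII test key from RFC 4226 Appendix D.
SECRET = b"12345678901234567890"


def hmac_sha1(secret: bytes, counter: int) -> bytes:
    """HOTP step 1: HMAC-SHA-1 over the 8-byte big-endian counter; 20 bytes (160 bits) out."""
    return hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()


def dynamic_truncate(digest: bytes) -> int:
    """HOTP step 2 (RFC 4226 section 5.3): the byte-selection steps described above."""
    offset = digest[-1] & 0x0F           # low nibble of the last byte (upper 4 bits masked off)
    chunk = digest[offset:offset + 4]    # four bytes from that offset; offset <= 15 keeps it in range
    return struct.unpack(">I", chunk)[0] & 0x7FFFFFFF  # clear the top bit: non-negative 31-bit int


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP step 3: reduce the 31-bit value modulo 10^digits and left-pad with zeros."""
    return str(dynamic_truncate(hmac_sha1(secret, counter)) % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the HOTP counter becomes floor(unix_time / step), so the code rotates every step."""
    t = int(time.time()) if unix_time is None else unix_time
    return hotp(secret, t // step, digits)


def hotp_all_entropy(secret: bytes, counter: int, digits: int = 6) -> str:
    """Illustration of the alternative discussed above (not a standard): treat the whole 160-bit
    HMAC as one integer and keep the last `digits` remainders of repeated division by 10,
    which is that integer modulo 10^digits."""
    whole = int.from_bytes(hmac_sha1(secret, counter), "big")
    return str(whole % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, unix_time: int, step: int = 30, window: int = 1) -> bool:
    """Verifier side: accept the current step or up to `window` steps either side (clock drift),
    comparing in constant time."""
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, unix_time + drift * step, step), code):
            return True
    return False
```

The RFC 4226 vectors (counter 0 gives 755224, counter 1 gives 287082) and the RFC 6238 vector for T=59 (same key, 6-digit tail 287082) both pass, which is the quickest way to confirm the offset and bit-clearing steps are wired correctly.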

Despite the implementation's peculiarities, Gibson and Laporte concluded that the system remains secure for its intended purpose. The generated codes are still sufficiently random, and the 30-second rotation provides adequate security. The perceived patterns in the codes that sparked the initial investigation are likely due to apophenia—the human tendency to see patterns where none actually exist.

Key Takeaways:

  • The standardized HOTP implementation is needlessly complex
  • It wastes significant entropy from the SHA-1 hash
  • The implementation suggests possible misunderstandings by the original designers
  • Despite its flaws, the system remains secure for practical purposes
  • Perceived patterns in 2FA codes are likely psychological rather than mathematical

This deep dive into 2FA code generation reveals an important truth about security implementations: they don't need to be perfect to be effective. While the HOTP standard may not be the most elegant solution possible, it achieves its security goals while being simple enough for widespread implementation. Sometimes, as Gibson and Laporte noted, practicality trumps theoretical perfection in real-world security solutions.

The discussion serves as a fascinating case study in how security standards evolve and how even widely-used systems can harbor surprising implementation choices. It also highlights the importance of understanding the underlying mechanisms of our security tools, even if their flaws turn out to be more amusing than concerning.

Subscribe to Security Now for all your cybersecurity news.

Transcript source: provided by the creator in the RSS feed.