←back to thread

Behind the 6-digit code: Building HOTP and TOTP from scratch

(blog.dogac.dev)
248 points dogacel | 4 comments | 11 Apr 25 13:06 UTC | HN request time: 0.854s | source
Show context
notpushkin ◴[15 Apr 25 02:27 UTC] No.43688465[source]
> Also in some examples like Facebook's password recovery, this secret clock is not shared with the user directly but rather server's generated one-time password is sent via a trusted medium, such as an email to the user.

I’m pretty sure Facebook just makes up a random number and stores it?

replies(2): >>43688485 #>>43688851 #
dogacel ◴[15 Apr 25 03:59 UTC] No.43688851[source]
Good catch. In my mind storing that random number is similar to storing a plain-text password, thus I thought they were generating TOTPs. Let's hear from others how they implemented it.
replies(5): >>43688873 #>>43688969 #>>43689277 #>>43689772 #>>43690963 #
SoftTalker ◴[15 Apr 25 04:03 UTC] No.43688873[source]
It would be, but you could still store an expiration time, and limit the number of attempts to use the code. Considering you're probably sending it to the user insecurely anyway (via email or text message), that's probably safe enough.
replies(2): >>43689060 #>>43690002 #
1. dogacel ◴[15 Apr 25 04:45 UTC] No.43689060[source]
Thanks for all your insights, I have updated the post to outline this as a "theoretical" use-case rather than a practical one. I also revised it to include random number approach.
replies(1): >>43689233 #
2. notpushkin ◴[15 Apr 25 05:27 UTC] No.43689233[source]
Perhaps you could also highlight how in usual TOTP implementations (“scan this code with your authenticator app”) there’s no channel to MITM? I think it’s one of the key pros of TOTP vs, say, SMS as a second factor.
replies(1): >>43689285 #
3. dogacel ◴[15 Apr 25 05:35 UTC] No.43689285[source]
I haven't mentioned MITM attacks in this article thoroughly. Can you give some examples on what authentication implementations carry a MITM risk?

I thought anything carried over SSL doesn't have a _significant_ MITM risk.

replies(1): >>43689341 #
4. notpushkin ◴[15 Apr 25 05:44 UTC] No.43689341{3}[source]
Not sure about emails (probably reasonably secure, I think most MTAs use TLS now).

For text message codes though, there’s plenty of attacks. In authoritarian regimes, government can monitor your text messages directly – I think some protestors in Belarus have lost their Telegram accounts due to this. There’s also the SIM swapping attack, where an attacker pretends to be you and ports out your number: https://en.wikipedia.org/wiki/SIM_swap_scam