Home > Blockchain >  Is it possible to derive the shared secret from TOTP codes?
Is it possible to derive the shared secret from TOTP codes?

Time:01-07

Suppose an attacker got a list of the TOTP codes that I had generated with an authenticator app. The attacker also knows the timestamps at which the authenticator app had produced the codes.

code   timestamp   
182038 1671981349726
774903 1671981333299
238982 1671981328102

Using that information, would it be feasible for the attacker derive or somehow deduce the secret? Or could they use this data to reduce the possible range of values that the secret could be to a small enough list, such that they could use brute force to go the rest of the way?

CodePudding user response:

Short answer: Feasible? No.

The security of the TOTP algorithm against this attack is based on the difficulty of obtaining an exact input to the SHA-1 hash function when given some bits from its output. This was one of the design considerations of HOTP and TOTP, and it is considered that the best attack on it is still brute force of the secret key shared between the parties at initialization time. If that key is secure, TOTP should be secure against publishing timestamps and TOTP values.

  • Related