Comment by lucb1e
5 days ago
What's the difference between storing a random number and storing the OTP secret? It's all ones and zeroes in a database
If you store the OTP secret in an HSM, then you can do the same when generating a random number. I'm not aware of anyone actually doing that though (I surely won't have seen even 1% of what's out there, but as a security consultant I get around at least a little bit)
No comments yet
Contribute on Hacker News ↗