
Comment by ulrikrasmussen

5 hours ago

In practice most TOTP implementations also do not prove that you have a device which is the sole owner of the secret. Except for proprietary app-based solutions, the usual protocol is to display a QR code which just encodes the secret in plain text.

As long as you never enter the secret anywhere but only do the computation in your head, this is just using your brain as the second factor. I would not call this a password since it is not used in the same way. Passwords are entered in plain text into fields that you trust, but that also means that passwords can be stolen. This proves that you are in possession of your brain.

> Passwords are entered in plain text into fields that you trust, but that also means that passwords can be stolen

The only difference here is that you are hashing the password in your head, instead of trusting the client to hash it for you before submitting it to the server.

Which makes the threat model here what, exactly? Keyloggers, or login pages that use outdated/insecure methods to authenticate with the server?

  • Yes, but also plain guessing since passwords are usually chosen by the user and not generated by the server like TOTP secrets. Also phishing attacks tricking users into entering their passwords in fake login pages, and stolen password databases.

    • > Yes, but also plain guessing since passwords are usually chosen by the user and not generated by the server like TOTP secrets.

      If we were talking a >256-bit secret, I'd buy this, but in the human-calculated case I don't see how it actually helps with this, because you've substituted a ~8 character password for a 6 digit number, which is significantly less search space to brute-force.

      > Also phishing attacks tricking users into entering their passwords in fake login pages

      Yes, this is more-or-less a subset of the "keylogger/insecure login page" case.

      > and stolen password databases

      There's still a server-side TOTP secret database to be stolen, no? And normally that would be hard to reverse-engineer the actual secret from, but again, you've shrunk the search space down to 1,000,000 entries, which is trivial to brute force.