Comment by fxj
20 days ago
TOTP is also just password + some computation. So where is the difference? There is a lot of security theatre around TOTP with the QR code and then need of an app but you can write a 8 liner in python that does the same when you extract the password out of the QR code.
import base64
import hmac
import struct
import time

def totp(key, time_step=30, digits=6, digest='sha1'):
    # key is the base32 secret from the QR code; restore any stripped '=' padding
    key = base64.b32decode(key.upper() + '=' * ((8 - len(key)) % 8))
    # RFC 6238: the HOTP counter is the number of time steps since the epoch
    counter = struct.pack('>Q', int(time.time() / time_step))
    mac = hmac.new(key, counter, digest).digest()
    # RFC 4226 dynamic truncation: low nibble of the last byte picks a 4-byte window
    offset = mac[-1] & 0x0f
    binary = struct.unpack('>L', mac[offset:offset+4])[0] & 0x7fffffff
    return str(binary)[-digits:].zfill(digits)
https://dev.to/yusadolat/understanding-totp-what-really-happ...
Yes, TOTP is a secret + computation, and generating it is trivial once you have the secret. The security difference is that the TOTP secret is separate from the user’s password and the output is short-lived. Each of the two factors addresses a different threat model.
You are supposed to store the password in a Secure Enclave, which you can only query for the current token value. You are also supposed to immediately destroy the QR code after importing it.
As I already mentioned, the fact that people often use it wrong undermines its security, but that doesn't change the intended outcome.
>You are supposed to store the password in a Secure Enclave,
That's at best a retcon, given that the RFC was first published in 2008
>You are also supposed to immediately destroy the QR code after importing it.
Most TOTP apps support backups/restores, which defeats this.
> That's at best a retcon, given that the RFC was first published in 2008
How so? Apple didn't invent the idea of a secure enclave. Here is a photo of one such device, similar to one I was issued for work back in ~2011: https://webobjects2.cdw.com/is/image/CDW/1732119
No option to get the secret key out. All you can get out is the final TOTP codes. If anything, having an end-user-programmable "secure enclave" is the only thing that has changed.
I think they probably meant "Secure Enclave" in the same way that people say "band-aid" instead of "adhesive bandage", "velcro" instead of "hook and loop fastener", and "yubikey" instead of "hardware security token".
1 reply →
>Most TOTP apps support backups/restores, which defeats this.
Citation needed? Yubico authenticator doesn't (the secure enclave is the Yubikey). I'd be very surprised if MS Authenticator and Authy (which I don't use but are the most popular apps that I know of) support such backups
2 replies →
IMO if it is possible to use a system wrongly which undermines its security, it is already broken.
On the contrary - perfect security is only possible if your system is an inert rock. Or not even then, as the users could still use the rock "wrong" by beating security maximalists over their heads with it.
Also honestly TIL that TOTP are somehow supposed to also enforce a single copy of the backing token being in existence. That's not just bad UX, that feels closer to security overreach.
People in tech, especially software and security folks, tend to miss the fact that most websites with 2FA already put a heavier security burden on their users than anything else in real life. There's generally no other situation in peoples' lives that would require you to safely store for years a document that cannot be recovered or replaced when destroyed[0]. 2FA backup codes have much stricter security standard than any government ID!
And then security people are surprised there's so much pushback on passkeys.
--
[0] - The problem really manifests when you add lack of any kind of customer support willing to or capable of resolving account access issues.
This is how we get sites that block software tokens and only allow a whitelist of hardware based tokens.
1 reply →
There is no system which cannot be used wrongly in a way which undermines its security.
3 replies →
I can chuck a brick at your head. Clearly the brick is broken
1 reply →
Pass-The-Hash attacks exist and the only real countermeasure is to never log into user machines with privileged credentials
2 replies →
I mean, TOTP is one of the earliest 2 factor systems, and works least well.
Exactly, which is why TOTP is "weak". "Real" 2FA like FIDO on a security key makes it much harder.
TOTP is the "good enough" 2FA.
If I managed to intercept a login, a password and a TOTP key from a login session, I can't use them to log in. Simply because TOTP expires too quickly.
That's the attack surface TOTP covers - it makes stealing credentials slightly less trivial by making one of the credentials ephemeral.
The 30 seconds (+30-60 seconds to account for clock drift) are long enough to exploit.
TOTP is primarily a defense against password reuse (3rd party site gets popped and leaks passwords, thanks to TOTP my site isn't overrun by adversaries) and password stuffing attacks.
2 replies →
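The thread covers both halves of TOTP: the generator posted above and the claim further down that a captured code is useless because it expires within the 30-second step (plus a drift window). The following is an added example, not code from the thread or from the mintotp project, showing the verifying side that a site would run. It accepts a code for the current step and one step either side (the "+30-60 seconds" drift allowance) and refuses to accept any step at or below the last one already used, so an intercepted code cannot be replayed inside that window. The base32 secret, key bytes and timestamps are constructed for illustration; the function and class names are this example's own. Splitting the computation into hotp()/totp() as done here is the RFC 4226/6238 structure, not something the thread prescribes.

```python
import base64
import hmac
import struct


def decode_base32_secret(secret: str) -> bytes:
    """Decode the base32 secret found in an otpauth:// QR code.

    Authenticator QR codes commonly omit '=' padding and may use lower case
    or spaces, so normalise before decoding. Example secret is a constructed
    one, not a real account secret.
    """
    cleaned = secret.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * ((8 - len(cleaned)) % 8))


def hotp(key: bytes, counter: int, digits: int = 6, digest: str = "sha1") -> str:
    """RFC 4226 HOTP: HMAC over the big-endian 64-bit counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F                     # low nibble selects a 4-byte window
    code = struct.unpack(">L", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, at: float, time_step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the number of elapsed time steps."""
    return hotp(key, int(at // time_step), digits)


class TotpVerifier:
    """Server-side verifier with a clock-drift window and replay rejection.

    window=1 accepts the previous, current and next step, i.e. roughly
    30 s either side of the nominal 30 s validity that the thread discusses.
    last_counter records the highest step already consumed; a code for that
    step or an earlier one is refused even if it is still inside the window.
    In a real deployment last_counter would be persisted per user.
    """

    def __init__(self, key: bytes, time_step: int = 30, digits: int = 6, window: int = 1):
        self.key = key
        self.time_step = time_step
        self.digits = digits
        self.window = window
        self.last_counter = -1

    def verify(self, code: str, now: float) -> bool:
        current = int(now // self.time_step)
        for delta in range(-self.window, self.window + 1):
            counter = current + delta
            if counter <= self.last_counter:
                continue                        # already used: reject replay
            expected = hotp(self.key, counter, self.digits)
            # constant-time comparison so timing does not leak digit matches
            if hmac.compare_digest(expected, code):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    # Key from the RFC 4226/6238 test vectors (ASCII "12345678901234567890"),
    # used here only because its expected codes are published.
    key = b"12345678901234567890"
    print(totp(key, 59, digits=8))              # RFC 6238 vector: 94287082
    v = TotpVerifier(key)
    print(v.verify(hotp(key, 1), now=59))       # True: current step
    print(v.verify(hotp(key, 1), now=59))       # False: replayed code
    print(v.verify(hotp(key, 2), now=59))       # True: next step, inside drift window
    print(v.verify(hotp(key, 0), now=59))       # False: older than last accepted step
```

The replay check is what turns "short-lived" into an enforced property: without it, a code captured from one login remains valid for every other attempt in the same window, which is exactly the gap the "long enough to exploit" reply points at.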
Original source of the 8 liner Python code: https://github.com/susam/mintotp/blob/main/mintotp.py
Thanks for the link on TOTP and the associated code!