undefined | Better HN

0 pointstremon8mo ago0 comments

the password and the "2FA" seed token are both the same type of secret string

This is a category error. The 2FA seed token may be a string of bytes just like the password, but the seed is never communicated outside your device. That makes them different types of secrets: a capture of the transmitted login codes will not compromise the 2FA seed. Even if you auto-generate the password in the same way, it's the actual valuable secret that needs to leave your device -- by design.

I don't know if a website database breach compromises both keys. Is the 2FA seed a pre-shared key, or is the algorithm asymmetric? I seriously hope it's the latter, but I don't know for sure.

0 comments

8cvor6j844qw_d68mo ago

Symmetric as another poster mentioned. With some margin for connection delays (e.g., server checks 3 codes (1 forward and 1 backward) for a total of 90 seconds) [1].

I'll be interested in a asymmetric variant although I'll probably use a popular library and call it a day if I have to get involved in 2FA.

[1]: https://auth0.com/blog/the-working-principles-of-2fa-2-facto...

bkettle8mo ago

Do we have the crypto to build an asymmetric variant? The way that I’d immediately think to do it is have the authenticator create a signature over the current time (chunked into 30-second windows) and the service verify that signature, but obviously those signature texts are way too long to manually enter as a one-time code. (Symmetric) TOTP solves this length problem by just truncating the output of a hash function, which both the authenticator and the service can produce because they have a shared secret. But in the signature case the service would need the entire signature to validate it; any truncation would make it useless.

It’s been a while since I did any crypto. But it feels like the shortness of the one-time-code probably makes it impossible to do asymmetrically. If this is indeed the case there is probably an elegant proof or some better way of thinking about why it’s impossible. I would be interested in reading that.

justincormack8mo ago

It is symmetric.

j / k navigate · click thread line to collapse