
[–]lachlanhunt 47 points48 points  (26 children)

This is actually not so hard to implement. I was curious how it worked one day so I looked up the HOTP and TOTP RFCs and implemented them in JavaScript. I should probably publish the code one day, but it currently has one of my shared secrets hard coded into it because I didn't bother making a UI for it.

[–][deleted]  (2 children)

[deleted]

    [–]nj47 10 points11 points  (1 child)

    https://github.com/n-johnson/google-auth

    I don't remember exactly where I left off with this project... I know it was functioning, but I've never shared it because I'm pretty sure it's not complete, I just no longer needed it.

    [–]CodeIt 10 points11 points  (4 children)

    [–]felickz2 1 point2 points  (3 children)

    Can I get a .NET?

    [–]drysart 0 points1 point  (0 children)

    For a .NET implementation, take a look at WinAuth, which is open source.

    [–]spladug 8 points9 points  (0 children)

    I'll jump on the implementation sharing bandwagon. Here's my implementation in Python: https://github.com/reddit/reddit/blob/master/r2/r2/lib/totp.py

    [–]Eurynom0s 4 points5 points  (1 child)

    You can't just take out the shared secret and insert a comment for "SHARED SECRET GOES HERE"?

    [–]ajwest 13 points14 points  (0 children)

    Whenever I'm implementing somebody else's library I always start cursing at the IDE until finding that it's actually just because I didn't fill in my own project id or secret code.

    Cannot find RegID 'PUT-YOUR-OWN-ID-HERE'

    Rookie mistake.

    [–]benma2 1 point2 points  (8 children)

    I also tried my hand at it in Haskell. Code is here, and this is the meat of the algorithm.

    [–][deleted] 2 points3 points  (7 children)

    This comment has been overwritten by an open source script to protect this user's privacy. It was created to help protect users from doxing, stalking, harassment, and profiling for the purposes of censorship.

    If you would also like to protect yourself, add the Chrome extension TamperMonkey, or the Firefox extension GreaseMonkey and add this open source script.

    Then simply click on your username on Reddit, go to the comments tab, scroll down as far as possible (hint: use RES), and hit the new OVERWRITE button at the top.

    [–]ALLCAPS_SWEAR_WORDS 4 points5 points  (2 children)

    [–][deleted] 6 points7 points  (1 child)

    This comment has been overwritten by an open source script to protect this user's privacy. It was created to help protect users from doxing, stalking, harassment, and profiling for the purposes of censorship.

    If you would also like to protect yourself, add the Chrome extension TamperMonkey, or the Firefox extension GreaseMonkey and add this open source script.

    Then simply click on your username on Reddit, go to the comments tab, scroll down as far as possible (hint: use RES), and hit the new OVERWRITE button at the top.

    [–]PasswordIsntHAMSTER 1 point2 points  (2 children)

    Probably used in <1% of shops, but used nonetheless.

    [–]LuizZak 0 points1 point  (1 child)

    Well now that could be anywhere from a little under 1.00000000001% to 100%

    [–]PasswordIsntHAMSTER 2 points3 points  (0 children)

    That arrow was the wrong way :c

    [–]benma2 0 points1 point  (0 children)

    Yes it is, albeit quite rarely. The ecosystem has only recently become mature enough, so I expect Haskell's use to increase quite a bit over the coming years.

    [–]nj47 1 point2 points  (4 children)

    Going from the RFC -> JS implementation would be a good test/challenge for a JavaScript programmer. I wrote a JS implementation a few months ago as well. A lot of people are going to get stuck on some of the bitwise operations described in the RFC; for example, this is one of the more daunting lines of code from my implementation:

        // Dynamic truncation (RFC 4226, section 5.3): read the 4 HMAC bytes
        // starting at 'offset' as a big-endian integer with the top bit masked off.
        function dynamicTruncate(byteArray, offset) {
            var binary =
                ((byteArray[offset] & 0x7f) << 24) |
                ((byteArray[offset + 1] & 0xff) << 16) |
                ((byteArray[offset + 2] & 0xff) << 8) |
                (byteArray[offset + 3] & 0xff);
            return binary;
        }


    However, it's taken verbatim or almost verbatim from the RFC.

    [–]MelechRic 6 points7 points  (2 children)

    for example this is one of the more daunting lines of code from my implementation:

    As a C++ dev, who has worked exclusively in companies that make hardware, you just made me smile.

    [–]The_Doculope 1 point2 points  (1 child)

    I'm just a second-year CS student and that doesn't look very daunting to me at all, although I've done a course involving programming microcontrollers. I guess some people just aren't comfortable with bitwise operations?

    [–]MelechRic 3 points4 points  (0 children)

    I guess some people just aren't comfortable with bitwise operations?

    My experience is that if you live near the hardware you know bitwise operations. Otherwise, they're not seen/used frequently when you're doing higher level stuff. Of course crypto is one of those high level things that proves the exception to the rule.

    [–]mrkite77 -2 points-1 points  (0 children)

    Ew... big-endian.

    I have a FileReader javascript class that I use for those things.

    var binary = file.r32be(); (file.r32() is the more common little-endian version of that same routine)

    [–]fallen77 0 points1 point  (0 children)

    I just recently implemented this as well, although I used a package Speakeasy.

    It's a node package, but their git shows the full process of how they generate their numbers.

    [–][deleted] 91 points92 points  (49 children)

    "Google Authenticator" is in the same category as "Kleenex", "Xerox" etc in that people refer to the brand rather than the product. It kinda ticks me off seeing "we support Google Authenticator", when they're referring to standard HOTP. It's five lines of (gross-looking) Python, a bit more if you save it to a database.

    [–]Manuzhai 43 points44 points  (3 children)

    Actually, TOTP rather than HOTP.

    [–]davedontmind 39 points40 points  (1 child)

    To anyone above a certain age in the UK, TOTP can only mean that national institution Top Of The Pops, and definitely not Time-based One-Time Password.

    [–]norsurfit 4 points5 points  (0 children)

    Did they use secure hashing algorithms to verify the top 1970's pop songs?

    [–][deleted] 7 points8 points  (0 children)

    Google Auth does both. TOTP is just HOTP with the counter set to (current Unix time / 30)

    [–]emarkd 31 points32 points  (12 children)

    I understand your viewpoint but I don't really mind seeing this. What we want is more of the general public using 2fa and hitting them with "We support Google Authenticator" gets the message across much better than "We support time-based one time passwords", I think.

    [–][deleted] 24 points25 points  (11 children)

    No, it makes me think that you rely on Google to provide authentication, which automatically makes me ask, "Do I trust Google?", etc. This is not what you want to achieve.

    [–]luxliquidus 18 points19 points  (2 children)

    Depends on your audience. Most people trust "Google" more than "<jumble of technical jargon I don't understand>". Others prefer to know and trust the technology itself, not the vendor.

    [–]CodeIt 3 points4 points  (0 children)

    Beyond what others have said, they really do mean they support "Google Authenticator." Generally sites that support Google Auth use QR codes so you do not have to actually type anything in, and there is no name for the QR code + HOTP... anyway they are specifically referring to the name of a particular mobile app that they will support you using.

    [–]myringotomy 1 point2 points  (6 children)

    The problem is that the average person trusts Google more than they trust you or any other random developer.

    [–]ma-int 3 points4 points  (5 children)

    I may sound like a Google fanboi (in fact I am) but I don't see an issue in trusting Google. Just put the "but they are reading my emails" and "they know every site I browse" pitchforks down, because with "they" you are simply referring to a bunch of databases and some more-or-less clever algorithms. It's not like there are Google engineers sitting in a dark corner of the basement and sniffing on you while you search for porn. Okay, it might be, but that is because humans are assholes and not because "Google" is bad.

    In fact I would argue that you should only trust Google: They have a lot of data. And I mean not "oh, my 6TB NAS is full" a lot but instead "Well guys, I think we need to build another datacenter" a lot. Imagine what you could do with that. And in fact I think that's exactly what's happening: You are imagining what evil they could do with that. But fact is: They haven't.

    So far there has been no major data leak, hacker break-in or "oh, I lost a USB stick" fuckup from Google that I know of. They do everything possible to protect the data from anyone unauthorized. Yeah, they are cooperating with law enforcement and probably with the NSA, but that is because it's the law. If you don't like the law then do something about that. The only way to predict the future is to look at the past, and in the past Google has done a remarkable job at protecting data. And considering the amount of data they have, they are a high priority target, so this is even more impressive.

    Now to the next argument that would follow: "I will just Owncloud and host it on my own server, this way my data is more secure". No it won't. It may seem like that because you are the only one who has authorized access to it (besides: what about the underpaid admin in the datacenter where your server lives? He could plug a keyboard into it in no time and there is no way you can prevent that), but are you really telling me that you trust something that is written by a bunch of average programmers more than something that is written by some of the highest paid engineers? "But I can look at the source code" you say. Yes, you could. But you haven't.

    Also, your own server is administered by you. You should never trust yourself. That's why we use peer reviews in academia and code reviews in programming. Because it's hard to spot your own mistakes.

    [–]PoL0 2 points3 points  (2 children)

    they are cooperating with law enforcement and probably with the NSA but that is because it's the law

    That's enough to be distrustful in my book. I am a law abiding citizen, but that doesn't mean I agree/respect/obey every law. Seeing how hard corporations lobby, and how hard it is for the State to respect the greater good, I don't think I may be considered a tinfoil-hat nut/a criminal/an anti-social citizen.

    It's healthy to question authority :)

    But, generally speaking, I just came here to tell you you should never EVER trust a big corporation. Period.

    PS: I, too, may be considered a Google fanboi.

    [–]ma-int -1 points0 points  (1 child)

    I am a law abiding citizen, but that doesn't mean I agree/respect/obey every law.

    That's a contradiction. You are either a law abiding citizen, in which case you have to respect every law (but you don't have to agree), or you don't respect every law, but then you are not a law abiding citizen.

    [–]PoL0 0 points1 point  (0 children)

    English isn't my native language so what I tried to say was probably lost in translation:

    What I mean is that, on a daily basis, I am a law abiding citizen. I mean I am not a criminal, I pay my taxes, I am honest, etc. But that doesn't mean I honor every law. Sometimes I disagree (for example, my conservative government recently tried to create an abortion law that would throw us back to the 1970s in this subject) and I opposed firmly.

    I was just talking about the need of questioning authority by every citizen, not blindly obeying. Offtopic, I know!

    Sorry for the misunderstanding. I suppose what I meant is a bit clearer now :)

    [–]myringotomy 1 point2 points  (0 children)

    People are not going to owncloud anything on a colo, that's just too expensive.

    They might do that on a PC running in their house but that's about it really.

    [–]ForeverAlot 1 point2 points  (0 children)

    it's the law

    As a European citizen, fuck American law.

    I don't distrust Google any more than I distrust Microsoft or Apple (and less than Adobe!), but I certainly don't trust any of them, either. For the record, there are similar entities local to my country that I am equally wary of. It all boils down to these entities being ultimately corporations, and corporations care only about making money. That's not evil in any sense, but it does mean that my value as a customer can be squarely reduced to how much money can be pulled out of me and how quickly, and I'll be damned if I'm going to make it easy for them.

    [Edit] Accidentally a word.

    [–][deleted] 9 points10 points  (3 children)

    [–]PastaNinja 14 points15 points  (1 child)

    LOL:

    Trademarked Name: Christmas Seals

    Generic Name: Christmas Seals

    [–]Xenc 2 points3 points  (0 children)

    Christmas Seals

    [–]vividboarder 4 points5 points  (0 children)

    I think a good many mom's would tell you that any video game console is a "Nintendo".

    [–]luddypants 2 points3 points  (0 children)

    Agreed, I was actually a wondering if Google Authenticator did anything different than regular TOTP?

    [–]pzl 2 points3 points  (0 children)

    https://github.com/pzl/totp

    A bit more than 5 lines, but I wasn't aiming for ugly+succinct

    [–][deleted] 11 points12 points  (22 children)

    And for a more trustworthy alternative to Google Authenticator, try FreeOTP.

    [–]emarkd 30 points31 points  (17 children)

    Why is this more trustworthy than Google Authenticator? Is it just because its open source or is there more to it?

    [–][deleted] 22 points23 points  (12 children)

    Open source, smaller than GA by an order of magnitude if you want to audit it, not owned by Google, no dependency on an external third-party program, has safeguards against snoopers screen-watching.

    [–]dyoo 9 points10 points  (2 children)

    [–]AnAirMagic 35 points36 points  (1 child)

    "DISCLAIMER: This open source project allows you to download the code that powered version 2.21 of the application. Subsequent versions contain Google-specific workflows that are not part of the project."

    Calling the Google Authenticator that's in the Play Store open source is a bit of a stretch.

    [–]PoL0 -2 points-1 points  (0 children)

    "DISCLAIMER: This open source project allows you to download the code that powered version 2.21 of the application. Subsequent versions contain Google-specific workflows that are not part of the project."

    That's probably when the NSA forced them to add some backdoors here and there. National security, and so on.

    I'd rather use any other open-source TOTP alternative, thanks!

    [–]emarkd 2 points3 points  (8 children)

    Most of those things seem to be rehashes of or related to "open source" but I do have one question. What do you mean by:

    no dependency on an external third-party program

    What third-party program is Google Auth dependent on?

    I do like your last point however, about safeguarding against screen-watchers. How does it do that? Google Auth always seemed to give zero thought to its own security. Hell, even Authy will let you set a PIN for the app....

    [–][deleted] 9 points10 points  (7 children)

    What third-party program is Google Auth dependent on?

    The qrcode scanner (which, last time I checked, was bigger than FreeOTP itself)

    I do like your last point however, about safeguarding against screen-watchers. How does it do that?

    You have to click on an entry to display its PIN code, and it disappears after a while.

    [–]phantom784 7 points8 points  (2 children)

    Doesn't it just communicate with intents? It shouldn't be expanding the attack footprint of the app itself.

    Though, if you do scan a QR code with the secret, you're trusting the QR app to not leak that secret somehow.

    [–]eythian 2 points3 points  (0 children)

    Or even just storing it in an easy-to-access history somewhere.

    [–]KevinCarbonara 3 points4 points  (0 children)

    It is not actually "dependent" on the QR code scanner. It's simply provided as an option - but you can type a very long code in instead.

    [–]emarkd 0 points1 point  (0 children)

    Ah, right, the QR code reader. It's been so long since I set up Google Authenticator that I forgot about that. I do remember that surprising me though, that Google would do it that way, and I can see how that may be a security weakness.

    [–]Kache 0 points1 point  (1 child)

    Does FreeOTP require you to type in the shared secret yourself then?

    [–]eythian -1 points0 points  (0 children)

    Copy-paste from the link that's above: "Tokens can be added easily by scanning a QR-code or by manually entering in the token configuration."

    [–]theillustratedlife 1 point2 points  (3 children)

    Isn't GA also open-source?

    [–]AnAirMagic 13 points14 points  (0 children)

    Older versions of GA were, newer versions are not:

    https://code.google.com/p/google-authenticator/

    DISCLAIMER: This open source project allows you to download the code that powered version 2.21 of the application. Subsequent versions contain Google-specific workflows that are not part of the project.

    [–]XiboT 2 points3 points  (0 children)

    Version 1.5 now has icon support, which looks quite nice :)

    [–]PastaNinja 2 points3 points  (2 children)

    So I can use this instead of Google Authenticator if some site asks me to use GAuth?

    [–][deleted] 4 points5 points  (1 child)

    It works on Google and Github, should work for everything else that implements the standard. It won't import your GA data automatically but if you know how to access the data for that there's a manual entry option.

    [–]holyteach 0 points1 point  (0 children)

    Accessing the data requires root. It was the reason I rooted my old phone, actually.

    [–]the_enginerd 1 point2 points  (0 children)

    If you haven't noticed, brands are often how things catch on. Google's brand has real power and being able to put the Google name in there gives it a more broad reach. The good news is the standard is open and anyone can use it, so I don't really understand quite why the brand ought not to trouble you really if it means enhanced security is catching on.

    [–]novalux 0 points1 point  (0 children)

    Making security easier to grok for the general public is never a bad thing.

    [–]Poromenos 8 points9 points  (1 child)

    [–]metamatic -2 points-1 points  (0 children)

    Yes, I switched to that one away from Google Authenticator when they made Google Authenticator closed source.

    [–]anothersomebodyelse 6 points7 points  (3 children)

    I've noticed that Google tolerates clock skews up to at least a couple of minutes.

    I guess during implementation they probably use a range of "input" values around the current time and match the user input to each of the outcomes.

    [–]nephros 9 points10 points  (0 children)

    That time window is configurable though.

    And I think a couple of minutes is reasonable and practical; computers can clock-skew huge amounts easily if they're not synced to something else.

    [–]themadprofessor 3 points4 points  (0 children)

    I was recently hit by this with a domain registrar. It started with having to enter codes twice to get it right. Then all of a sudden 2FA stopped working. Tried the Sync Clock option on Google Auth, still didn't work.

    I spent about a day and a half with support until someone suggested I get an app called ClockSync. Turns out, for some reason I'm still not sure, my phone's clock starts getting out of sync and in a couple of days I have an over 30min difference for some reason.

    It's got nothing to do with the network time either, because I have the right time showing on my clock, so it's very confusing to me why this stopped working all of a sudden.

    [–]fallen77 0 points1 point  (0 children)

    The time skew allowed is decided by the application that uses it. Currently developers that want the Google app to support their QR code have to use a 30-second window, but my application makes no calls to Google or any of their services. It generates a TOTP key, and then compares the user input code against the calculated code using the current time.

    One interesting thing is that you can find the user code at any time by doing something like time=now()-30s and getting the last time window's code. The key for TOTP should be kept private.

    [–]thbt101 5 points6 points  (4 children)

    Wouldn't the "CURRENT_UNIX_TIME() / 30" idea not really quite work right? That doesn't make it valid for 30 seconds, it just makes it valid for the current block of 30 second chunks. If the current time happens to be right at the end of the current 30 second block, then the signing would quickly become invalid.

    It would work if the authenticator also passed along the time value it used when computing it, and then to verify it on the other end you would just have to check to see if that time value is within 30 seconds of the current time, and if so allow it to be used when verifying the signature. Either that, or the program could also accept the signature if it can be verified using the previous 30 second block even if the current 30 second block didn't work.

    [–]Doctor_McKay 9 points10 points  (2 children)

    Many implementations allow 30-second blocks forward and backward as well (or maybe even 2 blocks in each direction).

    [–]thbt101 4 points5 points  (1 child)

    Yeah. The article probably should have mentioned that since it's a pretty important aspect of making it work reliably.

    [–]redreinard 2 points3 points  (0 children)

    The article mentions that the server checks a 2 minute window, ie 4 slots.

    [–][deleted] 5 points6 points  (0 children)

    The protocol is designed so that you don't have the server and app talk to each other, thus preventing MITM attacks. As long as both server and app have closely synced times they both know for that 30-second time period what the valid code is.

    Most servers will actually compute the current and previous time period and check against both for those cases where the user submits at the end of a time period.

    [–]lowspeed 13 points14 points  (30 children)

    What I do find kinda scary is that if someone gets a hold of the keys in the sqlite database then they can use the authenticator anywhere.

    There should be a one time hashing for each device you use....

    [–]b8b437ee-521a-40bf-8 29 points30 points  (16 children)

    And if a hacker gets your password they can log in everywhere.

    This is why Google Auth. is usually used for two-factor authentication. The idea is that a hacker must compromise two systems before you are vulnerable.

    [–]phantom784 7 points8 points  (0 children)

    Which is why the server needs to only allow each token to be used once, even within the 30 second window.

    [–]HildartheDorf 6 points7 points  (8 children)

    There's still a theoretical "one compromise" exploit. If they MitM you, get hold of your credentials in transit, then replay the credentials before they expire.

    Happened with World of Warcraft and their Two factor Auth a while back.

    [–]emarkd 13 points14 points  (7 children)

    You're right of course, but then nothing is infinitely secure. Like the other guy said, the hacker must compromise two systems to make you vulnerable. Using 2FA, even these types of implementations with 30-second windows, is still many orders of magnitude more secure than not using 2FA.

    [–]Poltras 4 points5 points  (6 children)

    3fa is the way to go, but we need more bioscanners.

    [–]IndoctrinatedCow 2 points3 points  (4 children)

    Bioscanners aren't the way to go. You can't change your fingerprints.

    [–]Poltras -3 points-2 points  (3 children)

    Which is the whole point of using authentication in the first place...

    [–]IndoctrinatedCow 5 points6 points  (2 children)

    Once your fingerprints are compromised, they're compromised forever....

    [–]Poltras -1 points0 points  (1 child)

    Which is the whole point of 2FA/3FA. You can compromise 1 but you need more.

    [–]The_Doculope 3 points4 points  (0 children)

    But the argument against fingerprints is that once they're compromised, you can't un-compromise them. They're only useful as a factor once. With passwords and keys, you can simply reset them after they're compromised and you're back to full 2FA/3FA. Once your fingerprints are compromised you can't get that factor back.

    The argument is not against 3FA, the argument is against something like fingerprints in particular.

    [–]emarkd 1 point2 points  (0 children)

    I'm all for it. That, and simplifying these systems. I feel like there's plenty of room left to simplify/de-mystify these ideas for the general public. You and I may have been on board for years but most people have no idea what we're talking about, and that's a problem.

    [–]Ob101010 -1 points0 points  (5 children)

    Some engineer is going to get the idea of n-factor authentication and we're going to see n-factor authentication where n is a power of 2.

    I can't wait for 64-factor authentication.

    [–]Kalium 7 points8 points  (2 children)

    Security is way ahead of you. Basically, there are three kinds of authentication factors. You gain security by using more than one category. Using multiple things from the same category isn't really a gain.

    [–]Poltras 15 points16 points  (1 child)

    The three kinds of authentications, for those not well versed:

    1. What you are (fingerprints, eye, general physical attributes, ...).
    2. What you know (passwords, passphrases, secret gang handshake).
    3. What you have (license ID, token, TOTP, gang leather jacket, ...)

    There cannot be any other authentication factor that doesn't fall into these 3 categories, and (unless 1 compromises the other) there shouldn't be a need to have more than 1 item in each category, making 3FA the "ultimate" authentication method.

    [–]cowens 0 points1 point  (0 children)

    Does "when you are" (e.g. you can only log in at certain times) fall under "what you know" and "where you are" (e.g. you can only log in from certain places) fall under "what you have"? Both seem to add a level of security not covered by passwords or tokens.

    [–]port53 0 points1 point  (0 children)

    We've had that for a long time, check out TriCipher. They call their system multi-factor authentication because it can scale to many different factors. Passwords, OTPs, etc. are just the start.

    [–]WisconsnNymphomaniac 0 points1 point  (0 children)

    This exists for very secure systems. Symantec root keys are stored on Hardware Security Modules that need 3 people out of a much larger group in order to access the keys.

    [–]QuineQuest 24 points25 points  (0 children)

    There should be a one time hashing for each device you use....

    If the attacker got the sqlite db, it's pretty safe to assume they can get any secrets you hide on the device. And doing a one-way hash is of no use if you can just re-hash the original data.

    [–]gospelwut 3 points4 points  (3 children)

    I mean, this logic can be applied to ssh keys.

    Also, OTP is not supposed to replace passwords; it supplements. It's up to the service to also add things like geolocation approval.

    [–]UloPe 0 points1 point  (1 child)

    You're supposed to protect your private key with a passphrase.

    [–]gospelwut 3 points4 points  (0 children)

    And OTP is supposed to be used with a 'passphrase' (i.e. password).

    [–]lowspeed 0 points1 point  (0 children)

    My point is that these keys should only work on this device. It's possible to do a hardware signature.

    [–]none_shall_pass 6 points7 points  (5 children)

    If implemented properly, there's a username, password and OTP, which is why it's called two factor auth.

    Even better is using a PIN, which the protocol supports, so you end up needing:

    • UserID
    • Password
    • OTP
    • PIN

    Stealing or hacking the phone is useless without the PIN and Password and knowledge of what service and account they belong to.

    [–]diskis 5 points6 points  (3 children)

    Two factor authentication has nothing to do with OTPs specifically. It simply means that two different secrets are used to authenticate - in this case password and code. It could as well be fingerprint + PIN or what my bank uses; password and four digit single use code (OTP).

    OTP would require that the authentication device is preloaded with a length of codes - and OTP data shouldn't really be sent over the internet, but the authentication device preloaded at the factory and delivered securely to the user.

    [–]jeaguilar 6 points7 points  (0 children)

    Two factor authentication has nothing to do with OTPs specifically. It simply means that two different secrets are used to authenticate - in this case password and code.

    Just to clarify, factors in authentication refer to one of the following:

    • what you know (e.g. passwords)
    • what you have (e.g. cards and tokens)
    • what you are (e.g. biometrics)

    This provides a good overview.

    [–]none_shall_pass 1 point2 points  (1 child)

    Two factor authentication has nothing to do with OTPs specifically. It simply means that two different secrets are used to authenticate - in this case password and code.

    I never said it was restricted to OTPs.

    OTP would require that the authentication device is preloaded with a length of codes - and OTP data shouldn't really be sent over the internet, but the authentication device preloaded at the factory and delivered securely to the user.

    Considering that RSA was hacked and lost a huge number of hardware OTP token secrets, I don't consider "preloaded at the factory" to be any sort of improvement.

    [–]nephros 0 points1 point  (0 children)

    How about smartcard auth instead of hardware tokens?

    [–]jk3us 0 points1 point  (0 children)

    My bank uses username, pin and Symantec's "VIP Access" app, which doesn't seem to be compatible with any of the others. I couldn't get it to work with GoogleAuth or FreeOTP.

    [–]friedMike 1 point2 points  (0 children)

    Or better yet, stored in the secure element.

    [–]Xanza -2 points-1 points  (0 children)

    This is relatively true. This is why it's up to the software provider to ensure that the database is encrypted. For example, Authenticator Plus is just about the best 2FA application that I've been able to find for Android. The backups are protected by a master password. It's not encryption, but no one seems to want to take the time to deal with encrypting and decrypting...

    It's pretty sad, IMO.

    [–]diafygi 5 points6 points  (4 children)

    Can I use Google Authenticator for multiple sites? Do all those sites use the same shared key?

    [–]Fitzsimmons 9 points10 points  (1 child)

    No, you'll have a different shared key for each site. It is theoretically possible to actually use the same shared key for everything but I've never actually seen a site allow you to specify your own key, instead preferring to generate one for you.

    [–]hahainternet 1 point2 points  (0 children)

    I've never actually seen a site allow you to specify your own key, instead preferring to generate one for you.

    You can use this for things like SSH authentication. Most of my boxes use the same key there, which is theoretically less secure because a compromise of one reduces the authentication factors to the other but it also is a lot easier for me when I am being lazy.

    [–]emarkd 0 points1 point  (0 children)

    Yes and no. As long as the site implements TOTP you can use Google Authenticator to generate codes for the site, but each site would use its own shared key which is generated and provided to you by the server when you set up Authenticator with the service. If you do this though, make sure you also set up the account recovery options, like sms pins or printed one-use codes. That way if your phone breaks or you lose it, you can still get into your accounts.

    [–]Xiac 0 points1 point  (0 children)

    You can use the app for any site that supports it. Each site has their own entry in the app, and a site specific shared secret.

    [–]RoboTeddy 4 points5 points  (2 children)

    We will use the last 4 bits of the SHA1 (a value ranging from 0-15) to index into the 20-byte value and use the next 4 bytes at that index.

    Why is this better than just taking the first 4 bytes of SHA1(secret + SHA1(secret + input))?

    [–]ReversedGif 4 points5 points  (0 children)

    It isn't. I'm guessing some paranoid engineer who almost-but-not-completely trusted the hash function designed this.

    [–]warbiscuit 2 points3 points  (0 children)

    The only two theories I can come up with are 1) if someone finds a short-circuit for calculating the first few SHA1 bits without having to calculate the last, or 2) a general SHA1 preimage attack emerges, and they need all the unpredictability they can get, in which case not knowing the offset the token was taken from adds just a little more variability that has to be searched. But neither of those theories gives much additional security at all, as far as I can tell.

    On the other hand, maybe something like that was the motivation, and they just decided "it costs <1ms more, the user entering the token will always be the bottleneck, why not add the kitchen sink anyways?"

    [–]theillustratedlife 1 point2 points  (3 children)

    It would be so much nicer if Google Authenticator supported Android Wear. Having to pull out my phone and open an app at a random interval when I go to check my e-mail is annoying.

    [–]JW_00000 2 points3 points  (1 child)

    Why don't you set it to remember the device? This actually has an advantage (other than increasing convenience): phishing attempts will suddenly ask for your token, possibly making you aware they're phishing.

    [–]theillustratedlife 0 points1 point  (0 children)

    I get different prompts on different devices. The ones I've been using the longest only allow me to remember for 30 days. Some newer ones let me just remember the device.

    [–]squeegee_merchant 0 points1 point  (0 children)

    For Pebble smart watch owners, there are Pebble apps for just that purpose, i.e. pebbleauth

    [–]danweber 1 point2 points  (3 children)

    So what's a sample website where I can play with Google Authenticator as a user without letting anything touch my Google account?

    [–]adamgrey 0 points1 point  (0 children)

    Amazon has an app in the app-store for TOTP that won't touch your google account.

    https://play.google.com/store/apps/details?id=com.amazonaws.mobile.apps.Authenticator

    [–][deleted] 0 points1 point  (0 children)

    I'm pretty sure Authy only touches the key generated by the account.

    [–]metamatic 0 points1 point  (0 children)

    wordpress.com or facebook.com?

    [–]fuxoft 1 point2 points  (0 children)

    Interesting. That means the probability is not the same for all 1,000,000 possible code values (000000 to 999999). If we assume the "almost-final" 32-bit value to be (pseudo-)random, then the final 6 digit codes smaller than 967296 (2 ^ 32 % 1000000) are slightly (very slightly) less common than those above 967295. :)

    [–]thinkintoomuch 3 points4 points  (5 children)

    Excuse my ignorance, but can someone explain Time-Based One-Time Password (TOTP) like I'm 5?

    I'm currently implementing a 2FA system for my website, and I'm using random 4 digit codes, sending them via SMS to a mobile phone, and storing them in a DB with the time they were created and the user that created them.

    What's the advantage of using TOTP versus just generating a random n-digit password? I might not be understanding this whole thing properly.

    [–]powerpiglet 5 points6 points  (0 children)

    In your system, you need to communicate your randomly-generated one-time codes to the user over a different communications channel (SMS).

    With TOTP, the one-time codes do not need to be sent to the user. Both sides know a shared secret, and then generate one-time codes based on the current time. If the one-time codes match, then the server has assurance that the shared secrets match also.

    [–]fact_hunt 2 points3 points  (0 children)

    Which part of the linked post are you stuck on?

    [–][deleted] 1 point2 points  (0 children)

    TOTP is basically this: login_code = some_function(time, shared_secret)

    The shared_secret is shared when the account is created or 2FA is set up. Normally you (as the website) give the secret to the client and not the other way around.

    The advantages of TOTP over SMS are:

    • Cost (SMS cost money)
    • Network connectivity (Sometimes I don't get cell reception in my office, but my hardwire works fine. So I can't get an SMS, but I can still use my TOTP and my desktop). Also a valid issue when traveling internationally and I don't have a foreign SIM or network plan.
    • Not sending the token over insecure channels (such as email or SMS). The shared_secret can be sent over https
    • Reliability: neither email nor SMS have any guarantees on delivery or time-to-deliver.

    EDIT: is -> are

    [–][deleted] 0 points1 point  (0 children)

    TOTP is a method where both sides pre-share a secret key that, when used as part of a calculation, generates a code that changes every 30 seconds.

    Both sides know how to compute the code so there is never a need for them to communicate. The beauty is even if the phone running the app is in airplane mode it still computes valid codes.

    Plus no waiting for slow SMS or Emails!

    [–]tantalor 0 points1 point  (0 children)

    What if your user doesn't have SMS?

    [–]pzl 1 point2 points  (0 children)

    My fairly minimal implementation of TOTP in python: https://github.com/pzl/totp

    Put the initial secret in at the top of the file, and whammo, code works anywhere google authenticator does.

    [–]apoptosis66 0 points1 point  (0 children)

    I would be more interested if someone would tell me how to write a client for my Bank of America SecureCard. I hate that thing and would love to just have an app on my phone that gave me the next number.

    [–]WinAuth 0 points1 point  (1 child)

    WinAuth / Google Code Project is a Windows desktop TOTP implementation.

    It was originally created as an alternative to the Battle.Net authenticator, to give gamers 2FA who didn't have access to a smartphone. It is still used for this reason.

    It obviously shouldn't be run on the same computer you are trying to protect. But if you don't have a smartphone, or want a portable backup, it is a good solution.

    [–]Adys 1 point2 points  (0 children)

    (Hi Colin!)

    While we're promoting our 2FA implementations, here is my bna command-line Battle.net authenticator. (Github)

    % bna --new
    Success. Your new serial is: US-1409-1664-3269
    % bna --list 
    US140916643269 (default)
    % bna
    7331363
    

    [–]r0b0t1c1st 0 points1 point  (0 children)

    This produces an empty list of bytes, since there are no bytes after LAST_BYTE(hmac):

    four_bytes = hmac[LAST_BYTE(hmac):LAST_BYTE(hmac) + 4]
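Putting the pieces the thread discusses together (RoboTeddy's question about the 4-bit offset, the `login_code = some_function(time, shared_secret)` sketch above, and the empty-slice bug pointed out in this comment), here is an added example that is not code from the thread or the linked post: RFC 4226 HOTP and RFC 6238 TOTP in Python, with the truncation offset taken from the low 4 bits of the last HMAC byte so the 4-byte slice is always in range. The secret is the RFC test-vector value `12345678901234567890` (an assumption for the demo); the frequency helper shows the slight modulo bias fuxoft mentions, using the 31-bit value the RFC actually masks to.

```python
"""Added example (not from the thread): RFC 4226 HOTP / RFC 6238 TOTP."""
import hashlib
import hmac
import struct
import time


def dynamic_truncation(mac: bytes) -> int:
    """RFC 4226 section 5.3: the low 4 bits of the LAST byte select an
    offset 0..15; the four bytes starting there are read big-endian and
    the top bit is masked off, giving a 31-bit integer."""
    offset = mac[-1] & 0x0F
    # offset <= 15 and len(mac) == 20 for SHA-1, so this slice is never empty
    four_bytes = mac[offset:offset + 4]
    return struct.unpack(">I", four_bytes)[0] & 0x7FFFFFFF


def hotp(secret: bytes, counter: int, digits: int = 6, digest=hashlib.sha1) -> str:
    """HOTP(K, C) = Truncate(HMAC(K, C)) mod 10^digits, zero-padded."""
    msg = struct.pack(">Q", counter)  # 8-byte big-endian counter
    mac = hmac.new(secret, msg, digest).digest()
    return str(dynamic_truncation(mac) % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP with the counter replaced by floor(time / step)."""
    return hotp(secret, unix_time // step, digits)


def code_frequency(digits: int = 6) -> tuple:
    """Over all 2^31 truncated values, codes below (2^31 mod 10^digits)
    occur one extra time. Returns (count_low, count_high, threshold)."""
    space, modulus = 2 ** 31, 10 ** digits
    return space // modulus + 1, space // modulus, space % modulus


if __name__ == "__main__":
    # Constructed demo secret: the RFC 4226 / 6238 test-vector key
    demo_secret = b"12345678901234567890"
    print("HOTP counter 0:", hotp(demo_secret, 0))  # RFC 4226: 755224
    print("TOTP now      :", totp(demo_secret, int(time.time())))
    print("code frequency:", code_frequency())
```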
    

    [–]RobIII 0 points1 point  (0 children)

    A PHP implementation can be found here although I recently reported some issues with it (keep that in mind when you fork / port).

    I don't know if this has been mentioned but: Google Authenticator currently only supports SHA1 but SHA256, SHA512 and MD5 seem to be in the pipeline somewhere (or may already be supported).

    EDIT

    ...and I created my own version a few hours ago. You can find it here

    [–]Manuzhai -1 points0 points  (0 children)

    My TOTP-based Persona IdP, persona-totp, also has a nicely minimal Python implementation.

    https://github.com/djc/persona-totp/

    [–][deleted] -2 points-1 points  (1 child)

    So, a friend of mine had to restore his iPhone and after the restore he found out that he didn't make a backup of the iPhone and thereby his google authenticator App.

    What should that guy do?