Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it possible to salt and or hash HOTP/TOTP secret on the server?

I am building a two-factor authentication system based on the TOTP/HOTP. In order to verify the otp both server and the otp device must know the shared secret.

Since HOTP secret is quite similar to the user's password, I assumed that similar best practices should apply. Specifically it is highly recommended to never store unencrypted passwords, only keep a salted hash of the password.

Neither RFCs, nor python implementations of HOTP/TOTP seem to cover this aspect.

Is there a way to use one-way encryption of the OTP shared secret, or is it a stupid idea?

like image 959
Paul Avatar asked Apr 12 '13 02:04

Paul


People also ask

Is TOTP more secure than HOTP and SMS?

TOTPs are considered an evolved form of HOTPs— they imply more security because of having an extra factor to meet the algorithm conditions. ✅ Hash-based one-time passwords can be more user friendly. Since they are not limited by the timesteps and can enter the code whenever they want to.

What is TOTP and HOTP?

April 4, 2022 By Rublon Authors. HOTP and TOTP are both one-time passwords. In other words, they are unique passwords that you can use only once. Since both are in use within 2FA and MFA security systems, it is easy to confuse them. The difference between HOTP and TOTP lies in the algorithm that generates them.

What are TOTP secrets?

A Time-Based One-Time Password or TOTP is a passcode valid for 30 to 90 seconds that has been generated using the value of the Shared Secret and system time. Most often, passcodes are 6-digit codes that change every 30 seconds. However, some TOTP implementations use 4-digit codes and expire after up to 90 seconds.

Where is 2FA secret stored?

Your 2FA secret key must be stored somewhere safe in the event that you lose access to the device with which you set up 2FA for your Standard Notes account. Typically, Standard Notes is the safe place to store your keys.


1 Answers

Is there a way to use one-way encryption of the OTP shared secret...?

Not really. You could use a reversible encryption mechanism, but there's probably not much point.

You could only hash an HMAC key on the server if the client authenticated by sending the complete unhashed HMAC key across the network, which is typically how password-based authentication works, but that would be vulnerable to replay attacks, which is exactly what HOTP/TOTP is designed to avoid.

why do we apply 1-way function to a password before storing it (salt+hash)...?

That's actually a good question.

I think it stems from the fact that early versions of the Unix operating system stored all its password information in a 'world-readable' /etc/passwd file, so they clearly had to be obfuscated in some way, and salt+hash just happened to be the method they chose.

Nowadays, one doesn't generally doesn't make their password file so freely available, so there's arguably no need to hash them at all.

However, there is another reason to obfuscate them, which is that passwords are generally chosen by humans, so, for convenience, they'll often choose the same password for multiple systems. I doubt the same is true for HMAC keys, which are (hopefully) selected using a cryptographically-stronger mechanism.

So, the main reason for hashing a password nowadays, is not so much to increase the security of your system, but to decrease the risk of compromising your users' security on other systems, should your system have been compromised.

If an attacker can read a plaintext password from your system, it's probably not much use to them, because they can probably also read everything else on the system anyway.

But, if the same password was also used on another system, then you've potentially given the attacker the means to compromise that system as well.

If humans could be trusted not to use the same password for multiple systems, then there'd probably be no need to hash them at all, but I think it's somewhat optimistic to assume that's ever likely to happen. :-)

like image 127
Aya Avatar answered Oct 17 '22 09:10

Aya