You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The secret created by the createSecret() function is too short according to the standard.
The TOTP standard references the HOTP RFC for the algorithm, which is RFC 4226. It says:
The algorithm MUST use a strong shared secret. The length of
the shared secret MUST be at least 128 bits. This document
RECOMMENDs a shared secret length of 160 bits.
The secret created in your code is by default 16 bytes base32 encoded. That corresponds to an 80 bit secret. (There is probably a common misunderstanding that people believe 16 bytes corresponds to 16*8 bits, but that ignores the base32 encoding, which reduces the character space by 3 bits.)
In theory this could be considered a security vulnerability. However it's a very theoretical one, as 80 bits is still a security level that is probably outside the possibilities of any real attacker. However it gets somewhat dangerously close to what could be broken by a powerful attacker, so better stick to the recommendation from the standard.
Here's also a blogpost discussing too short TOTP secrets (however I found the blogpost a bit confusing and it took me a while to realize that with a 16 byte secret we're still far away from any practical attack): https://www.unix-ninja.com/p/attacking_google_authenticator
The text was updated successfully, but these errors were encountered:
The secret created by the createSecret() function is too short according to the standard.
The TOTP standard references the HOTP RFC for the algorithm, which is RFC 4226. It says:
The secret created in your code is by default 16 bytes base32 encoded. That corresponds to an 80 bit secret. (There is probably a common misunderstanding that people believe 16 bytes corresponds to 16*8 bits, but that ignores the base32 encoding, which reduces the character space by 3 bits.)
In theory this could be considered a security vulnerability. However it's a very theoretical one, as 80 bits is still a security level that is probably outside the possibilities of any real attacker. However it gets somewhat dangerously close to what could be broken by a powerful attacker, so better stick to the recommendation from the standard.
Here's also a blogpost discussing too short TOTP secrets (however I found the blogpost a bit confusing and it took me a while to realize that with a 16 byte secret we're still far away from any practical attack):
https://www.unix-ninja.com/p/attacking_google_authenticator
The text was updated successfully, but these errors were encountered: