1

I know that OTP (One-time password) system is the most secure method for now if online.

Online OTP systems, like sending code to a phone is secure because the attacker cannot know the code if he doesn't have the phone or can intercept the content of the message.

However, offline OTP looks not secure, because it doesn't need a network connection. The server and client should share the same algorithm to create the code. Maybe they use some public key that shared between server and client and timestamp.

It's not so different from using just a password. If the attacker knows the public key, he can use the key with the algorithm and make the same OTP code with his local system.

I'm not sure the offline OTP system is secured. How do you think about it?

schroeder
  • 123,438
  • 55
  • 284
  • 319
user254623
  • 11
  • 1
  • 4
    Does this answer your question? [How does Google Authenticator work?](https://security.stackexchange.com/questions/35157/how-does-google-authenticator-work). Also see [how hardware OTP tokens work](https://security.stackexchange.com/questions/122281/how-do-hardware-otps-work/122298). – mentallurg Mar 30 '21 at 03:45
  • Second factor need not to be a highly secured. Because it use with another primary factor. – Infra Mar 30 '21 at 04:47
  • Thanks for comment. I already read that. So server and client share a key and if attacker get the key, he can solve OTP I think. It's not different with using just two password I think.. – user254623 Mar 30 '21 at 06:13
  • @user254623 it is different, because the shared secret is *never* transmitted - only a temporary number derived from it. Even if someone monitors all aspects of your login they will not learn the secret. – vidarlo Mar 30 '21 at 07:45
  • 1
    "if attacker get the key" -- how? I think you need to re-read the links provided above. – schroeder Mar 30 '21 at 10:17

2 Answers2

1

Online OTP systems, like sending code to a phone is secure because the attacker cannot know the code if he doesn't have the phone or can intercept the content of the message.

And intercepting the message is easier than stealing a physical device. It can be done from another country, in a massive scale.

SMS, for example, can be easily hijacked, either by SIM swapping, or by using SMS re-routing systems. There are lots of applications that monitor SMS on the phone and send it somewhere else.

Email isn't any better. If the attacker manages to control any router in the email route, any message coming by that router can be intercepted. Unless the email content is encrypted, they can be read.

But what about STARTTLS? Sadly, it's more for show than anything. The initial exchange on the SMTP conversation is on clear, and if the server advertises he supports TLS but the client does not accept, the entire exchange is on clear. If the server provides a mismatched certificate, the exchange continues as normal:

TLS is intended to ‘fail open’ in the event of send failure, rather than ‘failing safe’ (whereby if errors occur, the email fails to send at all). Thus in the event of failure, TLS falls back to regular SMTP and messages are sent in clear text.

However, offline OTP looks not secure, because it doesn't need a network connection.

Quite the opposite. Without network connection, an attack cannot be made on a large scale. Hacking the SMTP server of a regional ISP means an attacker can steal any online OTP code from email. But stealing offline OTP codes means hiring a horde of thieves stealing phones from people.

It's not so different from using just a password. If the attacker knows the public key, he can use the key with the algorithm and make the same OTP code with his local system.

It's way different from a password. The vast majority of passwords are easy to break. For example, researchers cracked more than 11 million passwords on the infamous Ashley Madison leak. A paper on leaked passwords shows that lots and lots of people reuse passwords, so one leak can compromise several other accounts for the same person.

OTP is created by the system, not the user. This guarantees way more entropy than a password. And if an attacker steals both the bcrypt hashes and OTP shared secret of your account at Gmail, it will do nothing to help break Facebook, for example, if both are using OTP.

I'm not sure the offline OTP system is secured.

It is. Way more than a password. You should get a password manager, and enable OTP on every single service you use, and let the password manager generate all passwords for you.

ThoriumBR
  • 50,648
  • 13
  • 127
  • 142
0

TOTP is mostly a workaround against unsafe user behaviour. What it essentially does is allow websites to require strong random passwords while still being usable, because the passwords are store and at the point of entry are reduced to six-digit numbers. It also largely stops users from storing those passwords in an insecure place. If you use a long unique randomly generated password for every website, and never store it anywhere except a reliable password manager, TOTP doesn’t add very much to your security (it adds a bit, because you then basically have two different passwords stored in different places, with both of them needed to allow access, and an attacker might not get both of them). But that’s not what most users do.

Mike Scott
  • 10,118
  • 1
  • 27
  • 35