Does anyone know how 2 factor authenticator services work? I'm curious how it's possible for the services reading them and the services creating them to predictably know the exact digit sequence at a given time without being knowable to 3rd parties. From a cursory undergraduate CS education it feels like a related but different problem to hash functions. Just curious!
jqpabc123 | 2 years ago
Thereafter, this secret key is used by both sender and receiver to encrypt the current time and produce a hash code.
If the codes match and your login credentials are valid (2 factors), you are authenticated; otherwise, you are not.
Once you dig into it, it's not too hard to replicate. I wrote myself a simple desktop CLI program that duplicates the app on my phone. It retrieves the appropriate secret key (selected by key/name) from an encrypted data file and generates a code as needed and places it into the clipboard so I can easily paste into a login screen.
rewmie | 2 years ago
Also noteworthy: the current time is divided into coarse time periods (typically UNIX time divided by 30s?), meaning that slight differences in clock time of all participants don't matter because they can reproduce the same hash code during the time period.