
dx034 | 1 year ago

My employer uses alphanumeric 2 factor codes and I'm so certain that they have a bias towards some letters (mostly y and z). I know I'm probably wrong and it's probably because they appear so rarely in real words, but I can't shake the feeling they aren't random.

Only problem is that I don't have the algorithm. I started writing down all codes I got but since I only get 5 a week, it's a long process. I'll probably switch jobs before I have valid results.

Not that it would change anything, but I'd be really curious how biases in those codes could appear.


usr1106|1 year ago

Is there a standardized, public, and widely examined algorithm that produces letters or did they run "their own crypto"?

chowells|1 year ago

Custom logic to serialize a number as a set of symbols hardly comes near the threshold of "rolling your own crypto". So long as they follow a standard to generate the number, the serialization is basically irrelevant as long as it's reversible.

motohagiography|1 year ago

aside, the adage "don't roll your own crypto" has this funny side effect of homogenization where a weakness empowers an attacker against the maximum number of targets and makes mass interception more cost effective.

I've found that interoperability across diverse implementations is ironically the best protection against schemes that weaken rngs and key entropy to facilitate mass interception. independent implementations become a proof of a protocol or algorithm implementation. if there is only one functional implementation of something, it's where I would look first.

jopsen|1 year ago

Could be fun to map TOTP to syllables, you'd need 100 syllables give or take, then the code is 3 syllables.
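An added example, not code from the thread or from any commenter: the syllable mapping suggested above, applied to a standard RFC 6238 TOTP value. It also shows why a reversible serialization adds no bias of its own, since 100^3 equals the 10^6 six-digit code space, while the reduction of the 31-bit value into that space leaves a small modulo bias. The syllable table and all function names are assumptions made for illustration; the secret is the RFC 6238 test secret.

```python
import hashlib
import hmac
import struct

# Constructed table: 20 consonants x 5 vowels = 100 two-letter syllables.
CONSONANTS = "bcdfghjklmnprstvwxyz"
VOWELS = "aeiou"
SYLLABLES = [c + v for c in CONSONANTS for v in VOWELS]


def totp_value(secret: bytes, unix_time: int, step: int = 30) -> int:
    """RFC 6238 TOTP with HMAC-SHA1: the 31-bit value before digit reduction."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # RFC 4226 dynamic truncation
    return struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF


def to_syllables(value: int) -> str:
    """Reduce to the 6-digit code space, then write the code in base 100."""
    code = value % 1_000_000
    parts = []
    for _ in range(3):
        code, idx = divmod(code, 100)
        parts.append(SYLLABLES[idx])
    return "-".join(reversed(parts))


def from_syllables(text: str) -> int:
    """Inverse mapping: syllables back to the 6-digit code."""
    code = 0
    for syl in text.split("-"):
        code = code * 100 + SYLLABLES.index(syl)
    return code


def modulo_excess(space: int, bits: int = 31) -> int:
    """Number of low codes that occur once more often than the rest when a
    uniform `bits`-bit value is reduced mod `space` (0 means no modulo bias)."""
    return (1 << bits) % space


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 Appendix B test secret
    spoken = to_syllables(totp_value(secret, 59))
    print(spoken, from_syllables(spoken))
    print(modulo_excess(100 ** 3))
```

The same `modulo_excess` check applies to any alphabet: pass the alphabet size raised to the code length as `space` to see how unevenly a 31-bit value spreads over it.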