top | item 43239233


daghamm | 1 year ago

This is very useful to anyone writing TOTP tools, big thanks to the author.

However, reading the article this section caught my eye:

"As we now know, SHA-1 has some fundamental weaknesses. ... But the TOTP authors disagree and allow for some different algorithms to be used."

With significant compute resources SHA1 can be broken for some use cases, but I don't think this is one of them. Is HN aware of any practical attacks against TOTP-SHA1?


matthewdgreen|1 year ago

HMAC-SHA1 is not broken as a pseudorandom function. SHA1 is only broken for collision-resistance for the moment. That doesn't mean it's great, or that you shouldn't upgrade.

daghamm|1 year ago

Given that nobody uses TOTP with SHA-256 today I assume there is no real reason to upgrade.

But has anyone actually researched this? For all we know, using HMAC-SHA256 in TOTP may actually make it less secure.

jrootabega|1 year ago

Do you think that the technique of using the last 4 bits to choose a further pseudorandom 31 bits from the rest of the hash MIGHT mitigate SOME future weakness as a PRNG? Or do you have confidence it is completely useless? Or neither, of course.
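The dynamic truncation step jrootabega refers to (low 4 bits of the last HMAC byte pick an offset, 31 bits are read from there) and the SHA-1/SHA-256/SHA-512 choice discussed above, as an added worked example that is not part of the thread or of any commenter's code. The function names are the example's own; the seeds and expected codes are the published RFC 4226 and RFC 6238 test vectors, which is the check a practitioner wants before trusting a TOTP implementation with a non-SHA-1 algorithm.

```python
import hmac
import struct

# Seeds from the RFC 4226 (HOTP) and RFC 6238 (TOTP) test-vector appendices.
# Note the RFC uses a longer seed per algorithm: 20, 32 and 64 ASCII bytes.
SEED_SHA1 = b"12345678901234567890"
SEED_SHA256 = b"12345678901234567890123456789012"
SEED_SHA512 = b"1234567890123456789012345678901234567890123456789012345678901234"


def dynamic_truncation(mac: bytes) -> int:
    """RFC 4226 section 5.3.

    The low 4 bits of the last byte of the HMAC select an offset in 0..15;
    the 4 bytes starting there are read big-endian and the top bit is
    masked off, leaving a 31-bit integer. Because the offset is at most 15
    and 4 bytes are read, the slice stays inside a 20-, 32- or 64-byte digest.
    """
    offset = mac[-1] & 0x0F
    return struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm: str = "sha1") -> str:
    """HOTP: HMAC over the 8-byte big-endian counter, truncated, then mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    return str(dynamic_truncation(mac) % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 8, algorithm: str = "sha1",
         step: int = 30, t0: int = 0) -> str:
    """TOTP is HOTP with the counter replaced by the time-step index."""
    return hotp(secret, (unix_time - t0) // step, digits, algorithm)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1,
                digits: int = 8, algorithm: str = "sha1", step: int = 30) -> bool:
    """Accept a code from the current step or up to `window` steps either side.

    Every candidate is computed and compared with hmac.compare_digest so that
    the comparison does not short-circuit on the first mismatching digit.
    """
    current = (unix_time // step)
    ok = False
    for delta in range(-window, window + 1):
        expected = hotp(secret, current + delta, digits, algorithm)
        ok |= hmac.compare_digest(expected, code)
    return ok


if __name__ == "__main__":
    for t in (59, 1111111109, 1111111111, 1234567890, 2000000000, 20000000000):
        print(t, totp(SEED_SHA1, t), totp(SEED_SHA256, t, algorithm="sha256"),
              totp(SEED_SHA512, t, algorithm="sha512"))
```

Running the block prints the RFC 6238 Appendix B table (for example 59 -> 94287082, 46119246, 90693936). The seed-length detail is the usual source of "my SHA-256 TOTP doesn't match the RFC" reports: the RFC vectors for SHA-256 and SHA-512 use 32- and 64-byte seeds, not the 20-byte SHA-1 seed, so a library that reuses one seed across all three algorithms will disagree with the table even when its HMAC and truncation are correct.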