To install click the Add extension button. That's it.

The source code for the WIKI 2 extension is being checked by specialists of the Mozilla Foundation, Google, and Apple. You could also do it yourself at any point in time.

How to transfigure the Wikipedia

Would you like Wikipedia to always look as professional and up-to-date? We have created a browser extension. It will enhance any encyclopedic page you visit with the magic of the WIKI 2 technology.

Try it — you can delete it anytime.

Install in 5 seconds
4,5
Kelly Slayton
Congratulations on this excellent venture… what a great idea!
Alexander Grigorievskiy
I use WIKI 2 every day and almost forgot how the original Wikipedia looks like.
Live Statistics
English Articles
Improved in 24 Hours
Added in 24 Hours
What we do. Every page goes through several hundred of perfecting techniques; in live mode. Quite the same Wikipedia. Just better.
Great Wikipedia has got greater.
.
Leo
Newton
Brights
Milds

Time-based one-time password

From Wikipedia, the free encyclopedia

Time-based one-time password (TOTP) is a computer algorithm that generates a one-time password (OTP) using the current time as a source of uniqueness. As an extension of the HMAC-based one-time password algorithm (HOTP), it has been adopted as Internet Engineering Task Force (IETF) standard RFC 6238.[1]

TOTP is the cornerstone of Initiative for Open Authentication (OATH), and is used in a number of two-factor authentication[1] (2FA) systems.

YouTube Encyclopedic

  • 1/3
    Views:
    6 009
    868 454
    1 002 566
  • Semantic Security and the One-Time Pad
  • Session vs Token Authentication in 100 Seconds
  • The Man Who Broke The Internet By Deleting 11 Lines of Code

Transcription

History

Through the collaboration of several OATH members, a TOTP draft was developed in order to create an industry-backed standard. It complements the event-based one-time standard HOTP, and it offers end user organizations and enterprises more choice in selecting technologies that best fit their application requirements and security guidelines. In 2008, OATH submitted a draft version of the specification to the IETF. This version incorporates all the feedback and commentary that the authors received from the technical community based on the prior versions submitted to the IETF.[2] In May 2011, TOTP officially became RFC 6238.[1]

Algorithm

To establish TOTP authentication, the authenticatee and authenticator must pre-establish both the HOTP parameters and the following TOTP parameters:

  • T0, the Unix time from which to start counting time steps (default is 0),
  • TX, an interval which will be used to calculate the value of the counter CT (default is 30 seconds).

Both the authenticator and the authenticatee compute the TOTP value, then the authenticator checks whether the TOTP value supplied by the authenticatee matches the locally generated TOTP value. Some authenticators allow values that should have been generated before or after the current time in order to account for slight clock skews, network latency and user delays.

TOTP uses the HOTP algorithm, replacing the counter with a non-decreasing value based on the current time:

      TOTP value(K) = HOTP value(K, CT),

calculating counter value

where

  • CT is the count of the number of durations TX between T0 and T,
  • T is the current time in seconds since a particular epoch,
  • T0 is the epoch as specified in seconds since the Unix epoch (e.g. if using Unix time, then T0 is 0),
  • TX is the length of one time duration (e.g. 30 seconds).

Unix time is not strictly increasing. When a leap second is inserted into UTC, Unix time repeats one second. But a single leap second does not cause the integer part of Unix time to decrease, and CT is non-decreasing as well so long as TX is a multiple of one second.[original research?]

Security

Unlike passwords, TOTP codes are single-use, so a compromised credential is only valid for a limited time. However, users must enter TOTP codes into an authentication page, which creates the potential for phishing attacks. Due to the short window in which TOTP codes are valid, attackers must proxy the credentials in real time.[3]

TOTP credentials are also based on a shared secret known to both the client and the server, creating multiple locations from which a secret can be stolen.[4] An attacker with access to this shared secret could generate new, valid TOTP codes at will. This can be a particular problem if the attacker breaches a large authentication database.[5]

See also

References

  1. ^ a b c m'Raihi, David; Rydell, Johan; Pei, Mingliang; Machani, Salah (May 2011). "RFC 6238 – TOTP: Time-Based One-Time Password Algorithm". Archived from the original on July 11, 2011. Retrieved July 13, 2011.
  2. ^ Alexander, Madison. "OATH Submits TOTP: Time-Based One Time Password Specification to IETF". Open Authentication. Archived from the original on 9 April 2013. Retrieved 22 February 2010.
  3. ^ Umawing, Jovi (21 January 2019). "Has two-factor authentication been defeated? A spotlight on 2FA's latest challenge". Malwarebytes Labs. Archived from the original on 25 September 2020. Retrieved 9 August 2020.
  4. ^ "Time-Based One-Time Passwords (TOTP)". www.transmitsecurity.com. 25 June 2020. Retrieved 2 May 2022.
  5. ^ Zetter, Kim. "RSA Agrees to Replace Security Tokens After Admitting Compromise". WIRED. Archived from the original on 12 November 2020. Retrieved 17 February 2017.
This page was last edited on 7 March 2024, at 06:21
Basis of this page is in Wikipedia. Text is available under the CC BY-SA 3.0 Unported License. Non-text media are available under their specified licenses. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc. WIKI 2 is an independent company and has no affiliation with Wikimedia Foundation.
Contact WIKI 2
Introduction
Terms of Service
Privacy Policy