How random are TOTP codes?

submitted by
Style Pass
2024-07-02 12:30:08

I'm pretty sure that the 2FA codes generated by my bank's TOTP app have a bias towards the number 8 - because eight is an auspicious number.

The TOTP algorithm uses HMAC, which in turn uses SHA-1. My aforementioned brain is not clever enough to understand how that works. Although bigger, meatier brains have assured me it is fine.

There are about 30 million seconds in a year. TOTP codes change every 30 seconds. Which means, in a year, you'll see about a million of them:
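A simulation of that year of codes, as an added example that is not the original post's code: it implements RFC 6238 TOTP (HMAC-SHA-1, 30-second step, 6 digits) and tallies how often each digit appears. The secret and start time are constructed sample values, not anything from a real bank app.

```python
import hashlib
import hmac
import struct
from collections import Counter

STEP = 30      # seconds per code (RFC 6238 default)
DIGITS = 6     # code length shown by most authenticator apps

def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP with HMAC-SHA-1 and RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def digit_counts(secret: bytes, start: int, n_codes: int) -> Counter:
    """Count every digit seen across n_codes consecutive codes."""
    counts = Counter()
    for i in range(n_codes):
        counts.update(totp(secret, start + i * STEP))
    return counts

def chi_squared(counts: Counter) -> float:
    """Chi-squared statistic against a uniform spread over 0-9 (9 d.o.f.)."""
    expected = sum(counts.values()) / 10
    return sum((counts[str(d)] - expected) ** 2 / expected for d in range(10))

if __name__ == "__main__":
    secret = b"constructed-demo-secret"      # constructed sample key
    start = 1704067200                       # 2024-01-01T00:00:00Z
    year = 365 * 24 * 3600 // STEP           # 1,051,200 codes
    counts = digit_counts(secret, start, year)
    total = sum(counts.values())
    for d in "0123456789":
        print(d, counts[d], f"{counts[d] / total:.4%}")
    print("chi-squared:", round(chi_squared(counts), 2))
```

A chi-squared value below about 16.9 (the 5% critical value for 9 degrees of freedom) is consistent with uniformly distributed digits.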
