| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 23 Jun 2013 03:08:59 -0400 From: Erik Kamerling <ekamerling@...istici.org> To: full-disclosure@...ts.grok.org.uk Subject: TOTP and clock advancement So this is very fundamental and stupid but I want to point it out. I have interacted with a vendor on it and they disregard this as a threat. It seems that this is a dumb clock trick worth mentioning but I suspect it's already known and accepted as risk in circles outside of my sphere, so I anticipate being educated. Take a TOTP based phone app, or a computer based app, and advance the clock on the device and you can predict TOTP nonces. Stupid right? I just changed a phone's clock to 2:15 AM from 2:10 AM and pre-collected the following: 2:10 reset phone to 2:15 [google authenticator] 992983 066834 726537 742749 495197 Reset phone back to sync then when 2:15 rolls around then the following values occur…. 992983 066834 726537 742749 495197 Same goes for Verisign's VIP which is TOTP/OATH based. The concept holds per phone, or laptop, or machine/server. Naturally I assume you could solve for TOTP with an equation if you just obtain the value once and knew the time delta on device or machine. Let alone getting ahold of someone's phone or laptop and simply advancing the clock, then recording TOTP numbers for future use. Why is this not a design problem? Erik Kamerling _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists