Header Ads Widget

One Time Password (OTP) algorithm in Cryptography | py hacks

PulkitPy January 12, 2021
Authentication, the process of identifying and validating an individual is the rudimentary step before granting access to any protected service (such as a personal account). Authentication has been built into the cybersecurity standards and offers to prevent unauthorized access to safeguarded resources. Authentication mechanisms today create a double layer gateway before unlocking any protected information.

This double layer of security, termed as two-factor authentication, creates a pathway that requires validation of credentials (username/email and password) followed by creation and validation of the One Time Password (OTP). The OTP is a numeric code that is randomly and uniquely generated during each authentication event. This adds an additional layer of security, as the password generated is a fresh set of digits each time authentication is attempted and it offers the quality of being unpredictable for the next created session.

The two main methods for delivery of the OTP is:

1. SMS Based:
This is quite straightforward. It is the standard procedure for delivering the OTP via a text message after regular authentication is successful. Here, the OTP is generated on the server-side and delivered to the authenticator via text message. It is the most common method of OTP delivery that is encountered across services.
2.Application Based:
This method of OTP generation is done on the user side using a specific smartphone application that scans a QR code on the screen. The application is responsible for the unique OTP digits. This reduces wait time for the OTP as well as reduces security risk as compared to the SMS based delivery.
The most common way for the generation of OTP defined by The Initiative For Open Authentication (OATH) is the Time Based One Time Passwords (TOTP), which is a Time Synchronized OTP. In these OTP systems, time is the cardinal factor to generate a unique password.

The password generated is created using the current time and it also factors in a secret key. An example of this OTP generation is the Time-Based OTP Algorithm (TOTP) described as follows:
  1. The backend server generates the secret key
  2. The server shares a secret key with the service generating the OTP
  3. A hash-based message authentication code (HMAC) is generated using the obtained secret key and time. This is done using the cryptographic SHA-1 algorithm. Since both the server and the device requesting the OTP, have access to time, which is obviously dynamic, it is taken as a parameter in the algorithm. Here, the Unix timestamp is considered which is independent of time zone i.e. time is calculated in seconds starting from January First, 1970. Let us consider “0215a7d8c15b492e21116482b6d34fc4e1a9f6ba” as the generated string from the HMAC-SHA1 algorithm.
  4. The code generated is 20 bytes long and is thus truncated to the desired length suitable for the user to enter. Here dynamic truncation is used. For the 20-byte code “0215a7d8c15b492e21116482b6d34fc4e1a9f6ba”, each character occupies 4 bits. The entire string is taken as 20 individual one-byte sting.
  5. We look at the last character, here a. The decimal value of which is taken to determine the offset from which to begin truncation. Starting from the offset value, 10 the next 31 bits are read to obtain the string “6482b6d3″. The last thing left to do is to take our hexadecimal numerical value and convert it to decimal, which gives 1686288083.
  6. All we need now are the last desired length of OTP digits of the obtained decimal string, zero-padded if necessary. This is easily accomplished by taking the decimal string, modulo 10 ^ number of digits required in OTP. We end up with “288083” as our TOTP code.
  7. A counter is used to keep track of the time elapsed and generate a new code after a set interval of time
  8. OTP generated is delivered to the user by the methods described above.
Apart from the time-based method described above, there also exist certain mathematical algorithms for OTP generation for example a one-way function that creates a subsequent OTP from the previously created OTP.
The two-factor authentication system is an effective strategy that exploits the authentication principles of “something that you know” and “something that you have”.The dynamic nature of the latter principle implemented by the One Time Password Algorithm is crucial to the security and offers an effective layer of protection against malicious attackers. The unpredictability of the OTP presents a hindrance in peeling off the layers that this method of cryptography has to offer.






Copy with Credits @
☠🔰Pulkit Saini🔰
☠💀Nothing is Impossible in front of me💀☠
☠💀This is Only For Educational Purpose 💀☠
Owner Made with ❤️ by Pulkit Saini 
For Your Support:- 
Subscribe to my YouTube Channel:- https://www.youtube.com/pulkitpy 
Follow me on Instagram:-https://www.instagram.com/pulkit_py/
Follow us on Instagram:- https://www.Instagram.com/pulkitpy 
Follow us on Github:- https://github.com/Pulkit-Py 
Join Us on Telegram:- https://t.me/pulkit_py 

Tags:
PulkitPy

Posted by: PulkitPy

Welcome to Pulkit py, your number one source for all things. We're dedicated to giving you the very best of Programming, with a focus on Programming, Projects, Code. Founded in 2020 by Pulkit Saini, Pulkit py has come a long way from its beginnings in India. When Pulkit Saini first started out, his passion for Programming drove them to open source so that Pulkit py can offer you the best content. We now serve customers all over the world and are thrilled that we're able to turn our passion into our own website. we hope you enjoy our products as much as we enjoy offering them to you. If you have any questions or comments, please don't hesitate to contact us. Sincerely, Pulkit Saini

Post a Comment

0 Comments