
The Trouble with TOTP (2013) - beefhash
https://www.miknet.net/security/the-trouble-with-totp/
======
bradknowles
The use case is for a small key fob, or virtual key fob replacement, and the
number changes every minute. So, on average, the number will probably change
in about thirty seconds from when the user first looks at it.

The user is going to be going back and forth between the key fob and whatever
it is they are trying to authenticate to, and they have to quickly memorize
the displayed value so that they can type it in, and do all that before the
displayed value expires.

Pure numbers are easier to recognize and memorize, and humans typically have a
working short-term memory good for about seven digits.

There are your design constraints.

Better would be to use a nonce provided by the authentication system as a salt
to be added to the time value, which I believe is common in TOTP
implementations in software that you might use on your phone.

But ultimately, it’s still a Unix epoch time value in seconds that is passing
through an HMAC, and that part is going to be pretty easy to guess and to
synchronize to.

