A doubt about the two-factor (TOTP) algorithm

Source: Internet
Author: User

0x00 The principle of the two-factor algorithm

For the principle itself, see Mr. Ruan's article on the subject; here I mainly want to raise a doubt about the algorithm he gives:

TC = Floor(Unixtime(now) / 30)

0x01 problem

At first it looked quite reasonable, until I saw a comment claiming the algorithm was wrong:

    You understand it, but you didn't actually do it: this algorithm can't guarantee the same value within 30s.
    As an example:
    1510279844
    1510279845
    These two timestamps differ by only 1s, but the two divided by 30 are not equal. Looking forward to a correction.

Embarrassing. I had only read the paper superficially; knowing that this kind of thing has to be verified by hand, I worked through it myself and concluded that the algorithm was wrong.

In two-factor authentication, the server generally has the password already generated, and then the client generates its own password and submits it to the server for verification.
Because the human operating the client needs a certain amount of reaction time, the client's time is later than the server's.
TS is the time interval. Assume we start at 0 seconds: what happens when the server's time approaches TS seconds?

Server-side TC = Floor(now / TS) = 0
Client TC = Floor((now + TS - 1) / TS) = 1    // assume the client generates its TC one second before the TS-second mark

There is a big problem here: whenever the server-side time is close to an integer multiple of TS (in fact, as soon as it is past TS/2 and the client waits TS/2 after generation), the TC on the two sides will differ.

0x02 Solution ideas

When the server's starting time is past TS/2, use two TCs: the original TC and TC+1. This prevents the timeout from occurring.
However, there is another problem: a client more than 1.5 time steps behind would still pass verification (for example, server time 14 seconds, client time 46 seconds, TS = 30 seconds).
After reading more articles, I found that Mr. Ruan's algorithm is in fact correct, because the RFC stipulates that the calculation uses fixed consecutive time periods (such as 0~29, 30~59, 60~89, ...),
rather than a period measured from the present moment (such as now+29).
If a timeout does occur, it is easy to prompt the user to fetch a new password.

0x03 Extension

If there were a function y = f(x) whose value is the same for all x0 <= x <= x0 + TS, then one could compute with "current moment + TS".
Recalling the definition of a function, however, each x corresponds to exactly one y, and this obviously does not fit that definition, because a single x would yield several y values.
So it seems that only fixed, consecutive time periods can be used for the calibration. I also see that two-factor verification has a window period, which is similar to my idea: simply check one more TC.
