
How does the Google Authenticator app work?

In our previous blog we talked about 2-factor authenticator apps. So, I thought I'd let you know about the algorithm they work on.


The TOTP algorithm generates one-time passwords, also known as tokens, which are only valid for a certain period of time.

The generated token depends on a shared secret key.

This algorithm was published as RFC 6238 by the Internet Engineering Task Force (IETF).

TOTP is an extension of the HMAC-based OTP algorithm.

This algorithm is used by 2-factor authentication apps to create a constantly changing code.

Without any further ado, let's hop into it.
Before getting started, let me introduce you to a term called "Unix Epoch Time".

Unix Epoch Time (T(Unix)) is the number of seconds that have elapsed (passed) since 1 Jan 2017
00:00:00 UTC, not counting leap seconds.

TOTP Algorithm:
1. Assume a date and time at which you want the code. I take 4 Dec 2018 12:24:20.

T(Unix) = 1543926260 sec

N = floor(T(Unix) / Sec)

N = counter, which tells how many time steps have been completed.
Sec = 30 (we want the code to change every 30 seconds)
floor = function which rounds a number down to the nearest integer.

According to the formula:
N = floor(1543926260 / 30)
N = 51464208



2. N is then converted into a hexadecimal value with 16 hexadecimal characters (8 bytes).
If it is shorter, prepend 0's (if the number is not that big, add 0's on the left to make an 8-byte value).

N(Dec) = 51464208
N(Hex) = 0x0000000003114810

Convert the hexadecimal value into an 8-byte array and assign it to msg.

3. You get the shared secret key from the account on which you are setting up 2-factor authentication.

K = (pofa rscd uptm dh6j aogl nda2 ryk7 7jva)

Everyone has a different key.
Convert this key into a 20-byte value by decoding it as Base32.

4. Both of these values are passed to the HMAC-SHA1 algorithm.

From this algorithm we get the following output.

Now, pick the last 4 bits of this output. In my case it is A.
Each block here is 8 bits, so splitting the last block, 9 and A are 4 bits each.




The "A" integer is called the offset (the blue-coloured 'A').

A in hexadecimal = 10 in decimal.
Starting from the offset (A = 10), get 4 bytes from the HMAC hash.






Convert this output into binary and then into decimal.

New value = 0x76A7F899
Hex → Decimal = 1990719641.
Main = 1990719641.



5. Finally, the moment we have been waiting for: the token, which we need to log in to our account, is created.
Final calculation

The value we got, i.e. main, is used in a modulo operation.
Token = main % (10^n)

Here n = size of the token (generally 6).

Note: If the token has fewer than n digits, prefix it with 0's.

Every 30 seconds a new token is generated with this algorithm.
Fun Fact: It remains valid for 60 seconds.
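Here is the whole procedure, steps 1 to 5, as an added Python example written for this post (it is not code from the original post or from Google Authenticator; it uses only the standard library). It reuses the post's own timestamp and secret key, and adds two details the walkthrough above leaves implicit: RFC 4226's dynamic truncation clears the top bit of the first extracted byte (the `0x7F` mask), and a server verifying codes normally accepts neighbouring time steps, which is why a code stays usable for about 60 seconds. The `verify_totp` function and its one-step window are my additions for the verifier side, not something the post describes; the `hotp`/`totp`/`dynamic_truncation` names are my own.

```python
import base64
import hashlib
import hmac
import struct
from datetime import datetime, timezone

# Values taken from the post above.
POST_SECRET = "pofa rscd uptm dh6j aogl nda2 ryk7 7jva"
POST_TIME = datetime(2018, 12, 4, 12, 24, 20, tzinfo=timezone.utc)
STEP_SECONDS = 30   # "Sec" in the post
DIGITS = 6          # "n" in the post


def decode_secret(secret: str) -> bytes:
    """Step 3: turn the Base32 text shown to the user into the raw 20-byte key."""
    cleaned = secret.replace(" ", "").upper()
    # Base32 input must be a multiple of 8 characters; restore '=' padding if it was trimmed.
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def totp_counter(unix_time: int, step: int = STEP_SECONDS) -> int:
    """Step 1: N = floor(T(Unix) / Sec)."""
    return unix_time // step


def counter_to_msg(counter: int) -> bytes:
    """Step 2: N as an 8-byte big-endian value (16 hex chars, zero-padded on the left)."""
    return struct.pack(">Q", counter)


def dynamic_truncation(mac: bytes) -> int:
    """Step 4: RFC 4226 dynamic truncation of the 20-byte HMAC-SHA1 output.

    The low nibble of the last byte is the offset; read 4 bytes from there as a
    big-endian integer and clear the top bit (the 0x7F mask, which the post does
    not mention) so the result is a non-negative 31-bit number.
    """
    offset = mac[-1] & 0x0F
    chunk = mac[offset:offset + 4]
    return struct.unpack(">I", chunk)[0] & 0x7FFFFFFF


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the counter, truncated, reduced mod 10^digits."""
    mac = hmac.new(key, counter_to_msg(counter), hashlib.sha1).digest()
    code = dynamic_truncation(mac) % (10 ** digits)
    # Step 5, including the note: prefix with 0's when the code is shorter than n digits.
    return str(code).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """TOTP (RFC 6238) is HOTP with the time-step counter N as the moving factor."""
    return hotp(key, totp_counter(unix_time, step), digits)


def verify_totp(key: bytes, candidate: str, unix_time: int, window: int = 1,
                step: int = STEP_SECONDS, digits: int = DIGITS) -> bool:
    """Server-side check (my addition, not from the post): accept the current step and up
    to `window` steps on either side to absorb clock drift, comparing in constant time.
    With window=1 a code is accepted for roughly one step before and after its own."""
    n = totp_counter(unix_time, step)
    return any(hmac.compare_digest(hotp(key, n + d, digits), candidate)
               for d in range(-window, window + 1))


if __name__ == "__main__":
    key = decode_secret(POST_SECRET)
    t = int(POST_TIME.timestamp())
    n = totp_counter(t)
    print("T(Unix) =", t)                                   # 1543926260
    print("N       =", n, "msg =", counter_to_msg(n).hex())   # 51464208 / 0000000003114810
    print("K       =", key.hex(), f"({len(key)} bytes)")
    print("token   =", totp(key, t))

    # Constructed 20-byte HMAC output (not a real hash) whose last byte is 0x9A, so the
    # offset is A = 10, and whose bytes 10..13 are 76 A7 F8 99 as in the post's figures.
    constructed_mac = bytes.fromhex("00112233445566778899" "76a7f899" "aabbccddee" "9a")
    main = dynamic_truncation(constructed_mac)
    print("main    =", main, "-> token", str(main % 10 ** DIGITS).zfill(DIGITS))  # 1990719641 -> 719641
```

Running it reproduces the post's intermediate values (N, the 8-byte msg and the 20-byte key) and prints the actual 6-digit code for the post's secret at the post's timestamp. The RFC 4226 and RFC 6238 test vectors (ASCII key `12345678901234567890`, counter 1 or T = 59 giving `287082`) are a quick way to check any implementation of this scheme against a known-good answer.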



If you have any query, feel free to comment on the blog. I will be grateful to answer your doubts.
If you like the content, share it with your friends.
And don't forget to subscribe to our blog at the top of the page.

Thanks for reading this blog.




