| Timestamp | Users | Delta | Toots | TNR | Title | Version | maxTL |
|---|---|---|---|---|---|---|---|
| Fri 05.07.2024 00:00:27 | 61.919 | 0 | 3.520.710 | 56,9 | Fosstodon | 4.2.10 | 500 |
| Thu 04.07.2024 00:00:52 | 61.919 | +2 | 3.517.337 | 56,8 | Fosstodon | 4.2.9 | 500 |
| Wed 03.07.2024 00:00:12 | 61.917 | +2 | 3.513.906 | 56,8 | Fosstodon | 4.2.9 | 500 |
| Tue 02.07.2024 00:01:44 | 61.915 | -2 | 3.510.479 | 56,7 | Fosstodon | 4.2.9 | 500 |
| Mon 01.07.2024 00:00:33 | 61.917 | 0 | 3.507.420 | 56,6 | Fosstodon | 4.2.9 | 500 |
| Sun 30.06.2024 00:00:34 | 61.917 | +2 | 3.504.671 | 56,6 | Fosstodon | 4.2.9 | 500 |
| Sat 29.06.2024 00:01:13 | 61.915 | +2 | 3.501.982 | 56,6 | Fosstodon | 4.2.9 | 500 |
| Fri 28.06.2024 00:01:07 | 61.913 | +3 | 3.498.459 | 56,5 | Fosstodon | 4.2.9 | 500 |
| Thu 27.06.2024 00:00:32 | 61.910 | 0 | 3.495.444 | 56,5 | Fosstodon | 4.2.9 | 500 |
| Wed 26.06.2024 00:00:07 | 61.910 | 0 | 3.494.703 | 56,4 | Fosstodon | 4.2.9 | 500 |
Fedor Indutny (@indutny) · 11/2022 · Toots: 2.171 · Followers: 1.051
Fri 05.07.2024 18:11
Technically, every TOTP code that someone has managed to observe is a 20-bit entropy leak. Meaning that knowing >13 separate codes is theoretically enough to recover the underlying 256-bit secret used to generate them.
I say "theoretically", because SHA-256 is still not reversible and thus an attacker would have to brute-force through most of the 256-bit input space in order to satisfy the constraints from the collected codes.
With ratchet, however, this risk doesn't exist at all?
[Public] Replies: 0 Boosts: 0 Favs: 0 · via Ivory for Mac
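The constraint argument in the post above, as an added example that is not part of the original post: each observed code filters the set of secrets consistent with it, but the only way to apply the filter is to evaluate HMAC-SHA-256 for every candidate. Assumptions: RFC 6238-style TOTP with 6 digits and a 30-second step, and a constructed 16-bit toy secret (`TOY_BITS`, `toy_secret` and the sample value are hypothetical) so that the enumeration finishes; with a 256-bit secret the same loop is infeasible.

```python
import hashlib
import hmac
import math
import struct

DIGITS = 6      # assumption: 6-digit codes
STEP = 30       # assumption: 30-second time step
TOY_BITS = 16   # assumption: toy secret size so enumeration is feasible


def totp(secret: bytes, unix_time: int) -> int:
    """RFC 6238-style TOTP using HMAC-SHA-256 and dynamic truncation."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(secret, counter, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    value = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return value % 10 ** DIGITS


def bits_per_code() -> float:
    """Upper bound on the information one observed code reveals."""
    return math.log2(10 ** DIGITS)


def toy_secret(n: int) -> bytes:
    """Encode a candidate index as a toy-sized secret (hypothetical helper)."""
    return n.to_bytes(TOY_BITS // 8, "big")


def surviving_candidates(observations):
    """Filter the whole toy secret space by each (time, code) observation.

    Returns the final survivors and the survivor count after each code.
    """
    survivors = list(range(2 ** TOY_BITS))
    history = []
    for unix_time, code in observations:
        survivors = [n for n in survivors
                     if totp(toy_secret(n), unix_time) == code]
        history.append(len(survivors))
    return survivors, history


if __name__ == "__main__":
    true_n = 0xBEEF  # constructed sample secret
    obs = [(t, totp(toy_secret(true_n), t)) for t in (0, 30, 60)]
    survivors, history = surviving_candidates(obs)
    print(f"{bits_per_code():.2f} bits per code; survivors per step: {history}")
```

The survivor counts fall by roughly a factor of 10^6 per code, while the cost of each pass stays proportional to the number of candidates still in play, which starts at the full size of the secret space.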