TOTP Algorithm Explained

Time-based one-time password algorithm (TOTP) is the focus of this post. But, before we delve deeper into the TOTP meaning, we’d like to mention the organization that is instrumental in the one-time password algorithms’ existence — OATH, or Open AuTHentication. OATH is a collaboration of all sorts of specialists, who made their mission to create a truly secure and universal network for all to use. We at Protectimus are proud to be a part of this collaborative effort.

In this article, we will learn what OATH TOTP is. We will have a closer look at TOTP algorithm implementation and the work of the TOTP mode. Finally, we will provide a full list of Protectimus TOTP tokens designed for time based token authentication to help you choose the one that suits you best.

Table of contents:

What is TOTP algorithm

We’ve already answered the “what does TOTP mean?” question above. But what is TOTP authentication? An uncomplicated answer is — it’s a 2-factor verification method that uses the time as a variable. Let’s expand on this a bit and unravel how TOTP authentication actually operates.

TOTP algorithm (RFC 6238) implies that an OTP is a product of two parameters encrypted together. These are a common value, which is a shared secret key, or seed; and a variable, in this case – the running time. These parameters are encrypted with a hash function.

TOTP algorithm

Here’s a TOTP algorithm example to illustrate:

  1. A user wants to log into a TOTP 2FA protected application or website. For the OTP authentication to run, the user and the TOTP server need to initially share a static parameter (a secret key).
  2. When the client logs into the protected website, they have to confirm they possess the secret key. So their TOTP token merges the seed and the current timestep and generates a HASH value by running a predetermined HASH function. This value essentially is the OTP code the user sees on the token.
  3. Since the secret key, the HASH function, and the timestep are the same for both parties, the server makes the same computation as the user’s OTP generator.
  4. The user enters the OTP and if it is identical to the server’s value, the access is granted. If the results of the calculations aren’t identical, the access is, naturally, denied.
TOTP authentication explained

To explain the above example a bit let’s note here that the mentioned seed is a string of random characters, usually 16–32 characters long. “Sharing” the key usually implies scanning a QR code that shows the seed generated by the server with the client’s TOTP app. Alternatively, the key is already programmed in their TOTP device. The timestep is calculated using UNIX time, which starts on January 1, 1970, UTC. The timesteps are to be 30 or 60 seconds, so the time value used for TOTP is the number of seconds run since 00:00 January 1, 1970, divided by 30, or 60. Finally, the mentioned HASH function is a cryptographic mathematic function that simply changes one value into another and usually shortens the result to 6-8 symbols. This result is what we called a HASH value above.

All of this is specified in TOTP RFC.

TOTP algorithm background — HOTP

OATH has been actively working on secure 2FA since 2004. The first algorithm that the organization created is HOTP — HMAC-based One-time Password, presented in 2005. This method uses a counter as a variable and a seed as a shared value to create OTP.

HOTP algorithm explained

The creation of a one time password is the event for the counter in HOTP, so each new password increases the counter by 1. We’ve described this algorithm in every detail in this article.

The counter-based method has a number of flaws, we’ll touch upon them next. So in 2008 OATH presented TOTP as an expansion of the parent algorithm, the next step of the MFA evolution.

| Read also: OCRA Algorithm Explained

TOTP vs HOTP

HOTP is a lot less bulletproof than the time-based one-time password algorithm. If a HOTP OTP token falls into a hacker’s hands, the criminal can write down the OTPs and use them at any time. The HOTP passes do not have an expiration time, the hacker just has to use one faster than the owner.

Another drawback of HOTP is the server-token unsynchronization if the button on the device is pressed too many times. Remember, the counter increases with each new OTP? The server has no ability to follow how many times the token button is clicked since the physical tokens are completely offline. This is accounted for in the algorithm, but if someone clicks the button too many times unintentionally (a child plays with it), or intentionally (a criminal) the token is rendered useless.

HOTP is also more vulnerable to brute-force attacks and other ways to guess the next OTP. The hacker would have to get access to the token and write down a few of the OTPs, the password guessing will take some serious computing and a few hours. But it’s still possible.

In the HOTP vs TOTP battle, TOTP security would certainly win. TOTP passwords have a limited lifespan. If a password provided by an RFC6238 TOTP generator is not used within 30, sometimes 60 seconds, it simply expires and can not be used for login. So writing the OTPs down won’t do a hacker any good. The token button can be clicked as many times as your heart desires, it won’t put the token and server out of sync.

TOTP tokens do have their own issue — time drift. But we’ve already solved it in programmable tokens Protectimus Slim NFC. Let’s talk about it next.

| Read also: 2FA Security Flaws You Should Know About

TOTP synchronization problem

A TOTP hardware token is completely offline, no network connection whatsoever. This makes it impenetrable for the majority of known hacker attacks. But the TOTP algorithm relies on the time, so the tokens are supplied with a clock of sorts — an oscillator. With no way to sync the time, a drift happens eventually. But the time the server has is always precise.

The discrepancy is averagely 2 minutes per year. And yes, the algorithm has a synchronization window to allow for it. But OTP tokens have batteries with a long lifetime. So, in a few years, the drift inevitably overflows the sync window and becomes an issue. Eventually, the server and the TOTP device start to generate different values.

We have a very detailed blog post on this problem and how we managed to fix it. So we won’t delve into details and just say here that since May 2019 Protectimus Slim NFC devices have the synchronization issue fixed.

| Read also: TOTP Tokens Protectimus Slim NFC: FAQ

Protectimus TOTP tokens

Time-based OTP algorithm is a widely applied MFA solution, there’s even Google Authenticator TOTP mode. Protectimus can offer you three tokens developed with time-based OTP RFC specification.

TokenDescription

Protectimus Slim NFC

Programmable TOTP token Protectimus Slim NFC

 

  • TOTP token card.
  • New secret key can be re-programmed as many times as you wish. This means you can re-use the token once you stop using it for one website.
  • A safer substitute for 2FA apps like TOTP Google authenticator.
  • Time sync feature included.
  • Waterproof.
  • From 3 to 5 years of battery life.
  • $29.99 per token
  • 12 months warranty.

Protectimus TWO

Classic TOTP token Protectimus Two

  • Key fob token.
  • Can be used for the website or app login only if you can add its seed to the server side since the seed is hard-coded.
  • Shockproof.
  • Waterproof.
  • From 3 to 5 years of battery life.
  • 11.99 per token
  • 12 months warranty.

Protectimus SMART OTP

Software OTP token Protectimus Smart OTP

  • Code generator app.
  • Supports all the OATH algorithms.
  • PIN code protected.
  • Time sync feature included.
  • Can be used for multiple websites and apps.
  • If the app is deleted, the tokens created within it can’t be recovered.
  • Completely free of charge.
  • Available for iOS and Android.

Read more:

Summary
TOTP Algorithm Explained
Article Name
TOTP Algorithm Explained
Description
TOTP algorithm (RFC 6238) implies that an OTP is a product of two parameters encrypted with a hash function: a shared secret key and a running time
Author
Publisher Name
protectimus.com
Publisher Logo

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

Author: Maxim Oliynyk

He worked in the IT industry for many years. One fine day, he had an idea to create a convenient and affordable two-factor authentication service. He gathered a group of talented like-minded people. A bit of time + a lot of work + a lot of money + a million experiments. And – voila! Protectimus is born! After a little more time and effort, not only is Protectimus not in any way inferior, it is often superior as compared to former industry leaders.

Share This Post On

2 Comments

  1. We are considering using the Protectiums Two for use in an existing system. In this system TOTP is already implemented, users use the Google Authenticator app to generate the verification codes. We would like to offer the possibility to use the Protectiums Two instead of this app. We realize we have to adapt the system to be able to enter the secret instead of allowing users to scan a QR code with the generated secret. Is this secret provided with each Protectiums Two? And will we still be able to keep the window size at 2? Our TOTP’s refresh every 30 seconds.

    Post a Reply
    • Hi Jelle, sure, we’ll send you the secret keys in an encrypted archive. The window size can be kept at 2, but because of the time drifts, you’ll need to adjust the clock on the server each authentication to synchronize it with the tokens’ clocks. In our service, this issue is already foreseen and solved according to the RFC 6238 standard.

      Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from Protectimus blog.

You have successfully subscribed!

Share This