With companies like Google, Dropbox and Amazon adopting TOTP, it would be a good idea to understand what it is, and how it works.

OTP

First a quick introduction to the One Time Pad on which TOTP is based. A One Time Pad is a large sequence of random numbers used to encrypt communications between two parties, it also comes with some heavy restrictions on its usage.

• The sequence of numbers must be truely random
• The sequence must be kept secret between the communicating parties
• The sequence must be at least as long as all the messages ever exchanged.
• No sequence reuse in whole or in part

On the upside OTP is information theory secure, which means that if applied correctly it is proveably unbreakable. However the list of restrictions on it’s usage often make it impractical to use. Reducing the size of the list is one of the primary benefits of TOTP, although it comes with some security reduction.

TOTP

TOTP is an acronym for “Time based One Time Password”, and like the One Time Pad it is meant to produce passwords that are only used a single time. However, it doesn’t have the same draw backs as OTP.

The protocol starts with a secret shared between the communicating entities. This is a sequence of numbers that is usually only 64 bytes, which is less than 140 digits (base 10). Once the two parties have shared the secret, they generate single use passwords to authenticate themselves to each other. The password generation algorithm is fairly straight forward:

• Hash the shared secret and the number of 30 second increments since the Epoch

That’s it. It’s fairly straight forward (see the RFC for more details).

Earlier I mentioned that TOTP is less secure that OTP, there are several reasons for this. I’ve tried to cover the major ones, but the list is by no means exhaustive as new attacks on cryptography are discovered all the time.

• Anything that hashes to the same value as the shared secret can be used to generate passwords, because that’s how hashing works, although in practice the hash chosen for TOTP is very resistant to finding these collisions.
• Determining the secret key reveals every single one of the passwords that will ever be produced, because the scheme is deterministic. This is also unlikely since brute force is considered to be the best attack against TOTP.
• Passwords generated can only be used in certain time intervals, because it’s time based one time passwords, and the user has no control over time window. For a scheme that doesn’t use the time, but uses counters instead, see the RFC for HOTP.