I’m working on a cyber security question and need an explanation to help me learn.
There are many different implementations for generating one-time passwords (OTP).
Consider the two implementations below (let’s assume that the OTP is the last six
digits of the resulting hash value):
1. Hash(Current Time in UNIX timestamp || Bank’s secret key)
2. Hash(Current Time in UNIX timestamp || User-specific secret key)
Appraise the security of each implementation and justify your answers.
What is the desired property of the hash function in this case?
Note: I assume that the Bank’s secret key refers to a single key which is used for every user in the bank and the user-specific secret key is, well, user-specific, where each user has their own unique key.
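
An added example, not part of the original question: a Python sketch of the two constructions that checks whether an OTP computed for one user at a given timestamp also verifies for a different user. SHA-256, the decimal reading of "last six digits", and all keys, user names and function names are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample keys and users (assumptions, not from the question).
BANK_KEY = b"constructed-bank-wide-secret"
USER_KEYS = {
    "alice": b"constructed-secret-alice",
    "bob": b"constructed-secret-bob",
    "carol": b"constructed-secret-carol",
}

def otp(timestamp: int, key: bytes) -> str:
    """Hash(timestamp || key), reduced to its last six decimal digits."""
    digest = hashlib.sha256(str(timestamp).encode() + key).digest()
    return f"{int.from_bytes(digest, 'big') % 10**6:06d}"

def scheme1(user: str, timestamp: int) -> str:
    # Implementation 1: the user's identity never enters the computation.
    return otp(timestamp, BANK_KEY)

def scheme2(user: str, timestamp: int) -> str:
    # Implementation 2: each user's own key is mixed in.
    return otp(timestamp, USER_KEYS[user])

def verify(scheme, user: str, timestamp: int, submitted: str) -> bool:
    # Server-side check, using a constant-time comparison.
    return hmac.compare_digest(scheme(user, timestamp), submitted)

def cross_user_accepts(scheme, timestamp: int) -> int:
    """Count (issuer, target) pairs where issuer's OTP verifies for target."""
    users = list(USER_KEYS)
    return sum(
        verify(scheme, target, timestamp, scheme(issuer, timestamp))
        for issuer in users for target in users if issuer != target
    )

if __name__ == "__main__":
    ts = 1700000000  # constructed timestamp
    for name, scheme in (("shared bank key", scheme1), ("per-user key", scheme2)):
        print(f"{name}: {cross_user_accepts(scheme, ts)} of 6 cross-user checks pass")
```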

