Abstract

A one-time password (OTP) is a password that is valid for only one login session or transaction in IT systems or digital devices. It is one of the human-centered security services and is commonly used for multi-factor authentication. Generating an OTP is very similar to generating pseudo-random bit streams in cryptography. However, only part of the bit stream is used as the OTP, so the OTP mechanism requires an algorithm to extract that portion. It is also necessary to convert hexadecimal to decimal so that the values of the bit strings are familiar to humans. In this paper, we classify three algorithms for extracting the final data from the pseudo-random bit sequence. We also analyze a vulnerability that occurs during the extraction process and results in a high frequency of certain numbers, even if cryptographically secure generation algorithms are used.
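The extraction bias described in the abstract can be computed exactly. The following is an added example, not code from the paper: the nibble-wise modulo extractor is a constructed illustration and not necessarily one of the three algorithms the paper classifies, and all function names are assumptions. `modulo_counts` goes beyond the per-digit case to the whole-integer reduction, such as the 31-bit value taken modulo 10^6 in HOTP (RFC 4226).

```python
from collections import Counter
from fractions import Fraction

def digit_by_modulo(nibble):
    """Naive extraction (constructed): map one hex nibble 0..15 to a digit."""
    return nibble % 10          # 10..15 wrap onto 0..5, doubling their weight

def digit_by_rejection(nibble):
    """Unbiased extraction: keep nibbles 0..9, discard 10..15 (None)."""
    return nibble if nibble < 10 else None

def exact_distribution(extract, space):
    """Probability of each output digit when the input is uniform over
    range(space). Discarded inputs (None) are excluded and renormalised."""
    counts = Counter(extract(v) for v in range(space))
    counts.pop(None, None)
    total = sum(counts.values())
    return {d: Fraction(c, total) for d, c in sorted(counts.items())}

def guess_probability(dist, digits):
    """Best single-guess success chance for an OTP built from `digits`
    independently extracted digits: always guess the most likely digit."""
    return max(dist.values()) ** digits

def modulo_counts(bits, digits):
    """Uniform `bits`-bit integer reduced mod 10**digits. Returns (q, r):
    the r smallest codes occur q + 1 times, every other code q times."""
    return divmod(2 ** bits, 10 ** digits)

if __name__ == "__main__":
    biased = exact_distribution(digit_by_modulo, 16)
    fair = exact_distribution(digit_by_rejection, 16)
    print("modulo   :", {d: str(p) for d, p in biased.items()})
    print("rejection:", {d: str(p) for d, p in fair.items()})
    # Six-digit code: the attacker's best guess under each extractor.
    print("best guess, modulo   :", guess_probability(biased, 6))
    print("best guess, rejection:", guess_probability(fair, 6))
    q, r = modulo_counts(31, 6)
    print(f"31-bit mod 10^6: {r} codes occur {q + 1} times, the rest {q}")
```

Digits 0 to 5 come out twice as often as 6 to 9 under the modulo extractor, however strong the underlying generator is; rejection sampling removes the skew at the cost of consuming more of the bit stream.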

Highlights

  • Fixed passwords are vulnerable to reuse attacks because malicious attackers can collect them

  • Combining Experiments 1 and 2, if an attacker wants to predict the value of One-Time Password (OTP) using the improved algorithm, the value of OTP can be predicted with probability 218, which is much higher than 2120

  • OTP is used for various purposes such as multi-factor authentication [28]


Summary

Introduction

Fixed passwords are vulnerable to reuse attacks because malicious attackers can collect them. A One-Time Password (OTP), on the other hand, is a password that is different each time it is used for a login session or transaction [1]. This makes it impossible to reuse previously collected passwords. An OTP has the property of randomness, which makes it mathematically impossible to infer the next password from the current one. A random number sequence is equivalent to the result of a series of flips of an unbiased “fair” coin. All parts of the random sequence are independent of each other, so the parts that have already been generated cannot affect later parts, and later parts cannot be predicted [10].
