by riffraff 3684 days ago
IANA cryptologist, but it should not be possible to derive the shared secret from the token. If I understand correctly, this is discussed in the HOTP spec [0]:

> Assuming an adversary is able to observe numerous protocol exchanges and collect sequences of successful authentication values. This adversary, trying to build a function F to generate HOTP values based on his observations, will not have a significant advantage over a random guess.

[0] https://tools.ietf.org/html/rfc4226#section-6
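To make the point in the comment above concrete, here is an added example (not part of the original comment) that computes HOTP as RFC 4226 section 5.3 defines it and exposes each intermediate value, so you can see how little of the 160-bit HMAC-SHA-1 output survives in a 6-digit token. The secret is the public test value from RFC 4226 Appendix D; the function names `hotp_steps`, `hotp` and `bits_exposed` are chosen for this illustration.

```python
import hashlib
import hmac
import math
import struct

# Public test secret from RFC 4226 Appendix D (not a real key).
RFC_SECRET = b"12345678901234567890"


def hotp_steps(secret: bytes, counter: int, digits: int = 6) -> dict:
    """Compute HOTP per RFC 4226 section 5.3, returning every intermediate value."""
    # Step 1: HMAC-SHA-1 over the 8-byte big-endian counter (20 bytes out).
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Step 2: dynamic truncation. The low nibble of the last byte picks
    # which 4 of the 20 bytes are kept; the other 16 are discarded.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    # Step 3: reduce the 31-bit value to the requested number of digits.
    code = str(value % 10 ** digits).zfill(digits)
    return {"mac": mac.hex(), "offset": offset, "value": value, "code": code}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Return only the token, as a verifier or client would use it."""
    return hotp_steps(secret, counter, digits)["code"]


def bits_exposed(digits: int = 6) -> float:
    """Upper bound on the bits of HMAC output a single token can carry."""
    return math.log2(10 ** digits)


if __name__ == "__main__":
    for counter in range(3):
        s = hotp_steps(RFC_SECRET, counter)
        print(f"counter={counter} mac={s['mac']} offset={s['offset']} "
              f"value={s['value']} code={s['code']}")
    print(f"a 6-digit token carries at most {bits_exposed():.2f} bits "
          f"of a 160-bit HMAC output")
```

Each observed token is therefore a heavily truncated output of a keyed MAC, which is why the RFC's analysis treats guessing as the adversary's baseline.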