• Shapillon@lemmy.world
    link
    fedilink
    arrow-up
    9
    arrow-down
    3
    ·
    edit-2
    14 days ago

    That’s a security standard preventing keyloggers from guessing your credentials.

    • cm0002@lemmy.worldOP
      link
      fedilink
      arrow-up
      11
      ·
      14 days ago

      That’s a security standard theater pretending to preventing keyloggers from guessing your credentials.

      FTFY

    • nucleative@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      14 days ago

      The TOTP changes every time. For modern totp hashing I’m not sure how many sequential codes a keylogger would need but I’m guessing more than I will ever enter.

      Edit, asked ai for an answer to that because I was curious (maybe it’s right):

      Start AI

      That being said, if an attacker were able to collect a large number of TOTP codes, they might be able to launch a brute-force attack to try to guess the private key. However, this would require an enormous amount of computational power and time.

      To give you an idea of the scale, let’s consider the following:

      Assume an attacker collects 1000 TOTP codes, each 6 digits long (a common length for TOTP codes).
      Assume the private key is 128 bits long (a common length for cryptographic keys).
      Assume the attacker uses a powerful computer that can perform 1 billion computations per second.
      

      Using a brute-force attack, the attacker would need to try approximately 2^128 (3.4 x 10^38) possible private keys to guess the correct one. Even with a powerful computer, this would take an enormous amount of time - on the order of billions of years.