Analysis of Vulnerabilities That Can Occur When Generating One-Time Password

摘要

A one-time password (OTP) is a password that is valid for only one login session or transaction, in IT systems or digital devices. This is one of the human-centered security services and is commonly used for multi-factor authentication. This is very similar to generating pseudo-random bit streams in cryptography. However, it is only part of what is used as OTP in the bit stream. Therefore, the OTP mechanism requires an algorithm to extract portions. It is also necessary to convert hexadecimal to decimal so that the values of the bit strings are familiar to human. In this paper, we classify three algorithms for extracting the final data from the pseudo random bit sequence. We also analyze the fact that a vulnerability occurs during the extraction process, resulting in a high frequency of certain numbers; even if cryptographically secure generation algorithms are used.