Randomly chosen OTPs defaced
Posted by Jonas Elfström Mon, 12 Feb 2007 18:45:00 GMT
Gunnar Kreitz has shown that randomly chosen OTPs aren't nearly as good as I first thought. Against the current trojan they work just fine, but Kreitz describes how a modified and more advanced trojan could be effective.
It seems that in the end the protocol only forces the trojan to be more complex, adds a time span for the validity of the OTP and makes the attack more likely to fail (there is no guarantee that the user will enter a second OTP, or that he will do it in time). I suppose the attacker would also have to make the trojan completely automated or have a 24/7 staff waiting. If the user has opted in to have the challenged index n presented as a CAPTCHA, it would force the evildoers to have that 24/7 staff. To sum up, randomly chosen OTPs give:
- A TTL (time to live) for OTPs.
- Demands more resources and higher complexity from the attacker.
- A little harder to use (the user has to find the challenged OTP on the code card).
- In theory, not much more secure against a trojan.
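To make the points above concrete, here is an added simulation (my own illustration for this post, not Kreitz's code and not the bank's implementation). It models three parties: a bank that challenges a random unused index n from the code card and gives the challenge a TTL, a Kreitz-style trojan that relays the victim's answer to its own session, and a phishing page that has harvested some codes in advance. The card size, the 60 second TTL, the fake clock and the code format are assumptions made for the example.

```python
import secrets
import time

# Constructed scenario: a code card with CARD_SIZE indexed one-time codes.
CARD_SIZE = 50


def make_code_card(size=CARD_SIZE):
    """Return a list of one-time codes; the list position is the index n."""
    return [secrets.token_hex(3) for _ in range(size)]


class FakeClock:
    """Deterministic clock (assumed) so the TTL behaviour can be shown offline."""
    def __init__(self):
        self.now = 1000.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class Bank:
    """Login server: issues a random challenge index and checks the answer."""
    def __init__(self, card, ttl_seconds=60, clock=time.time):
        self.card = list(card)
        self.used = set()            # indices that have already been spent
        self.ttl = ttl_seconds
        self.clock = clock
        self.pending = {}            # session -> (challenged index, expiry time)

    def issue_challenge(self, session):
        unused = [i for i in range(len(self.card)) if i not in self.used]
        n = secrets.choice(unused)   # random index, not the next one in sequence
        self.pending[session] = (n, self.clock() + self.ttl)
        return n

    def verify(self, session, otp):
        n, expiry = self.pending.pop(session)
        if self.clock() > expiry:    # TTL: a stale challenge is rejected
            return False
        if not secrets.compare_digest(otp, self.card[n]):
            return False
        self.used.add(n)             # one-time: index n is never accepted again
        return True


def user_answers(card, n):
    """The legitimate user reads code number n off the card."""
    return card[n]


def relay_attack(delay_seconds, ttl_seconds=60):
    """Kreitz-style trojan: it opens its own session, receives challenge n',
    shows n' to the victim instead of the real challenge and relays the
    victim's answer. Returns True if the trojan's session logs in."""
    clock = FakeClock()
    card = make_code_card()
    bank = Bank(card, ttl_seconds, clock)
    n_trojan = bank.issue_challenge("trojan-session")
    # delay_seconds models how long the victim (or the attacker's staff,
    # if n' is behind a CAPTCHA) takes to answer; the TTL decides the outcome.
    clock.advance(delay_seconds)
    otp = user_answers(card, n_trojan)
    return bank.verify("trojan-session", otp)


def phishing_attack(stolen_indices, trials=10):
    """A fake login page harvested the codes at stolen_indices earlier.
    Returns how many real logins the attacker manages in `trials` attempts:
    each attempt succeeds only if the bank happens to challenge a stolen
    index, and a spent index is never challenged again."""
    card = make_code_card()
    stolen = {i: card[i] for i in stolen_indices}
    bank = Bank(card, clock=FakeClock())
    wins = 0
    for t in range(trials):
        session = f"attacker-{t}"
        n = bank.issue_challenge(session)
        if n in stolen and bank.verify(session, stolen[n]):
            wins += 1
    return wins
```

The relay succeeds whenever the answer arrives inside the TTL and fails otherwise, which is exactly the "only narrows the window" observation above; the phishing page, by contrast, gets at most one login per harvested index and only when the random challenge happens to hit one of them.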
My bank has support for sending OTPs by SMS, but a trojan that works like the one described by Kreitz would have no problem with that one either.
The protection against phishing, in the sense of redirecting the user to a fake login page, is still much greater with randomly chosen OTPs: a code harvested by the fake page is only useful if the real login page later happens to challenge that very index.
I find it a bit ironic that the bank in question is actually going to implement something that sounds like randomly chosen OTPs. They recently announced a change in their login procedure: "Vilken engångskod från kodkortet du ska använda framgår på inloggningssidan." / "Which one-time code from the code card you are supposed to use will be shown on the login page."
Personally I think the security tokens with signing abilities sound more and more reasonable.