Alice, Bob, and Mallory: Randomly chosen OTPs
Jonas Elfström, published 2007-02-06, updated 2008-05-11. Category: metasyntactics
<p>In this post I hope to answer some questions I got about the one-time password protocol I described in <a href="/articles/2007/02/05/trojans-and-one-time-passwords">"Trojans and one-time passwords"</a>.</p>
<p>The scenario is that the attacker has got at least one OTP by using a trojan or some other means.</p>
<p><cite>Couldn't the attacker just reload the login page until he is asked to enter an OTP that he has?</cite><br/>
- No, he could not. All decent login procedures have a maximum number of tries before the account is blocked. Also, the OTP is asked for on the page following the login page, and failing to enter one, or entering a wrong OTP there, should count as a failed login attempt.</p>
<p><cite>Couldn't the trojan record all OTPs entered and then, when it knows there is only one left, redirect the login attempt and log in itself with that OTP?</cite><br/>
- This is a real concern. To counter it you have to have more OTPs than you will actually use, or the numbered list could go on and on and not begin from 1 for every new sheet of OTPs. Either way the trojan will have a hard time finding out how many OTPs are left.</p>
<p>In theory you could also present the number of the OTP as a <a href="http://www.captcha.net/">CAPTCHA</a>, but I would recommend against it for usability reasons and because it locks out people with certain <a href="http://www.w3.org/TR/turingtest/#conclusion">disabilities</a>.</p>
<h3>Probability of success</h3>
<p>Let's say the trojan has succeeded in getting hold of two OTPs. What is the probability that it will hit a correct OTP if the user has a list of 20, 50 or 200 OTPs and three login tries are allowed?</p>
<div class="typocode"><pre><code class="typocode_default ">20: (1-(18/20*17/19*16/18))*100 = 28.4%
50: (1-(48/50*47/49*46/48))*100 = 11.8%
200: (1-(198/200*197/199*196/198))*100 = 3.0%</code></pre></div>
<p>This is why it is important to make it hard or impossible for the trojan to count how many OTPs there are left.</p>
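The three figures above are instances of one formula: if the server draws each requested OTP number uniformly from the unused ones, never asking for the same number twice, and the attacker holds <code>held</code> of the <code>total</code> remaining OTPs, the chance that none of <code>tries</code> requests lands on a captured OTP is C(total - held, tries) / C(total, tries). The script below is an added example, not code from the original post; it computes that probability exactly, cross-checks it with a small simulation, and tabulates how the odds climb as a sheet runs down, which is the reason the post gives for hiding the remaining count from the trojan. The assumptions (uniform draw without replacement, attacker-held numbers modelled as the first <code>held</code> indices since labels are irrelevant) are mine, chosen to match the arithmetic shown on the page.

```python
from fractions import Fraction
from math import comb
import random


def hit_probability(total, held, tries):
    """Exact probability that at least one of `tries` server-chosen OTP
    numbers (drawn without replacement from `total` unused OTPs) is one of
    the `held` OTPs the attacker has already captured.

    P(miss on every try) = C(total - held, tries) / C(total, tries)
    For held=2, tries=3 this reduces to (total-3)(total-4) / (total(total-1)),
    i.e. the product shown in the post.
    """
    if tries > total:
        raise ValueError("cannot request more distinct OTPs than remain")
    if held >= total:
        return Fraction(1)          # every remaining OTP is already captured
    # comb() returns 0 when tries > total - held: the attacker cannot miss.
    miss = Fraction(comb(total - held, tries), comb(total, tries))
    return 1 - miss


def percent(p, digits=1):
    """Render a Fraction/float probability as a percentage, as in the post."""
    return round(float(p) * 100, digits)


def simulate(total, held, tries, trials=20000, seed=1):
    """Monte-Carlo cross-check of hit_probability().

    Assumption (constructed model): the attacker holds OTP numbers 0..held-1;
    which numbers they are does not affect the odds, only how many.
    """
    rng = random.Random(seed)
    captured = set(range(held))
    hits = 0
    for _ in range(trials):
        asked = rng.sample(range(total), tries)   # distinct random requests
        if captured.intersection(asked):
            hits += 1
    return hits / trials


def probability_vs_remaining(held, tries, sizes):
    """Hit probability for several sheet sizes: the same two captured OTPs
    are almost useless against a fresh sheet of 200 but nearly decisive once
    only a handful remain. This is why a sheet should be retired with many
    unused OTPs and why the trojan must not be able to count what is left."""
    return {n: percent(hit_probability(n, held, tries)) for n in sizes}


if __name__ == "__main__":
    for n in (20, 50, 200):
        exact = hit_probability(n, 2, 3)
        print(f"{n:>3} OTPs left, 2 captured, 3 tries: "
              f"{percent(exact):5.1f}%  (simulated {simulate(n, 2, 3):.3f})")
    print("as the sheet runs down:", probability_vs_remaining(2, 3, [200, 50, 20, 10, 5, 4]))
```

The exact function uses <code>Fraction</code> so the three percentages on the page come out as rounding of exact rationals (28.4%, 11.8%, 3.0%) rather than floating-point approximations; the simulation is only there to confirm that the without-replacement model matches the formula.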
<p>If you add a second round of OTP checks, as I suggested in my earlier <a href="/articles/2007/02/05/trojans-and-one-time-passwords">post</a>, life gets a lot harder for Mallory.</p>