Many web wallets/exchanges only use an 80 bit shared secret for time-based 2FA

Bitcoin Forum

June 13, 2024, 01:39:05 PM

Welcome, Guest. Please login or register.

News: Latest Bitcoin Core release: 27.0 [Torrent]

Home

Help

Bitcoin Forum > Bitcoin > Bitcoin Discussion > Many web wallets/exchanges only use an 80 bit shared secret for time-based 2FA

Pages: [1]

« previous topic next topic »

Author

Topic: Many web wallets/exchanges only use an 80 bit shared secret for time-based 2FA (Read 428 times)

keystroke (OP)

Hero Member

Offline

Activity: 900
Merit: 1014

advocate of a cryptographic attack on the globe

Many web wallets/exchanges only use an 80 bit shared secret for time-based 2FA

December 07, 2015, 06:10:52 AM

I took a look at the length of the shared secret, K, provided by the services listed below. They use the time-based OTP algorithm, RFC 6238. The HMAC-based OTP algorithm, RFC 4226, requires a 128 bit key and recommends a 160 bit key. RFC 6238 makes no such recommendation, although Google uses 160 bit and Amazon uses 320 bit for their own services. This is not an immediate practical issue, but these services should increase key lengths and be careful about using defaults.

320 bit
Amazon

256 bit
BTC-E

160 bit
Google
CEX.IO

120 bit
Kraken

80 bit
Coinbase
Bitstamp
Bitfinex
Poloniex
Purse
LocalBitcoins
OKCoin

"The difference between a castle and a prison is only a question of who holds the keys."

unamis76

Legendary

Offline

Activity: 1512
Merit: 1009

⇾ Re: Many web wallets/exchanges only use an 80 bit shared secret for time-based 2FA

December 07, 2015, 10:58:40 AM

Could the 2FA secret be calculated in a realistic time frame on those exchanges using 80 bit?

keystroke (OP)

Hero Member

Offline

Activity: 900
Merit: 1014

advocate of a cryptographic attack on the globe

Re: Many web wallets/exchanges only use an 80 bit shared secret for time-based 2FA

December 07, 2015, 11:35:09 AM

Quote from: unamis76 on December 07, 2015, 10:58:40 AM

Could the 2FA secret be calculated in a realistic time frame on those exchanges using 80 bit?

Depends how much money someone is willing to invest, but that number comes down every year.

"The difference between a castle and a prison is only a question of who holds the keys."

TastyChillySauce00

Legendary

Offline

Activity: 3024
Merit: 1028

Leading Crypto Sports Betting & Casino Platform

Re: Many web wallets/exchanges only use an 80 bit shared secret for time-based 2FA

December 07, 2015, 12:00:19 PM

exchanger really lack of security nowadays, no wonder some of them being hacked and lost few thousand btc like what happening before

..^Stake.com..

▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████

Play
Smarter

▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█

Leading Crypto Sports Betting
&&&&& Casino Platform

▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀

..^{PLAY NOW}..

Pages: [1]

Bitcoin Forum > Bitcoin > Bitcoin Discussion > Many web wallets/exchanges only use an 80 bit shared secret for time-based 2FA

« previous topic next topic »

Jump to: