Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
mastodon.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
The original server operated by the Mastodon gGmbH non-profit

Administered by:

Server stats:

352K
active users

mastodon.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.0-nightly.2025-03-25

Terence Eden

🆕 blog! “How random are TOTP codes?”

I'm pretty sure that the 2FA codes generated by my bank's TOTP app have a bias towards the number 8 - because eight is an auspicious number. But is that just my stupid meaty brain noticing patterns where none exist? The TOTP algorithm uses HMAC, which in turn uses SHA-1. My aforementioned brain is not […]

👀 Read more: shkspr.mobi/blog/2024/07/how-r

Terence Eden’s BlogHow random are TOTP codes?
More from Terence Eden
Jul 02, 2024, 11:35 AM·Public·Share on Mastodon
9boosts·18favorites
Public
Stephen Early

@Edent Are you sure it is actually TOTP, and not CAP? (Eg. I'm with Barclays and it is definitely CAP.)

Public
Terence Eden

@steve Yes. I'm using my TOTP app.

Public
Sudrien

@Edent Aye- runs in a random pool is somthing that one needs to learn to expect. There are, of course, other methods for defeating that sort of statistical analysis. One simple example being the so-called "lucky log” die.

"Lucky Log" die. Its six faces each have 1-6 in random order in random colors. Supposedly - except black always ranks higher than red. There is a hierarchy that can be memorized.
ExploreLive feeds
About