Terence Eden

🆕 blog! “How random are TOTP codes?”

I'm pretty sure that the 2FA codes generated by my bank's TOTP app have a bias towards the number 8 - because eight is an auspicious number. But is that just my stupid meaty brain noticing patterns where none exist? The TOTP algorithm uses HMAC, which in turn uses SHA-1. My aforementioned brain is not […]

👀 Read more: shkspr.mobi/blog/2024/07/how-r

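The question in the post can be checked directly. The following is an added example, not code from the post or the linked blog: it implements HOTP/TOTP as specified in RFC 4226 and RFC 6238 (HMAC-SHA-1 with dynamic truncation), tallies the digits of many consecutive codes, and computes the one bias that does exist by construction, from reducing a 31-bit value modulo 10^6. The secret and sample size are constructed for the demonstration.

```python
import hashlib
import hmac
import struct
from collections import Counter


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1, dynamic truncation, then mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble picks a 4-byte window
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the number of elapsed time steps."""
    return hotp(secret, unix_time // step, digits)


def digit_counts(secret: bytes, n_codes: int) -> Counter:
    """Tally every digit of n_codes consecutive codes."""
    counts = Counter()
    for counter in range(n_codes):
        counts.update(hotp(secret, counter))
    return counts


def modulo_bias(digits: int = 6) -> tuple:
    """The 31-bit value is reduced mod 10^digits; return (quotient, remainder).
    Codes below `remainder` have quotient+1 preimages, the rest have quotient."""
    return divmod(2 ** 31, 10 ** digits)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample, not a real key
    n = 20000
    counts = digit_counts(secret, n)
    expected = n * 6 / 10                 # uniform expectation per digit
    chi2 = sum((counts[str(d)] - expected) ** 2 / expected for d in range(10))
    for d in range(10):
        print(d, counts[str(d)])
    print("chi-square (9 d.o.f.):", round(chi2, 2))
    print("preimages per code (low, high):", modulo_bias())
```

The modulo step means codes from 000000 to 483647 each have 2148 possible 31-bit preimages and the rest have 2147, a difference far too small to notice by eye.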

@Edent Are you sure it is actually TOTP, and not CAP? (E.g. I'm with Barclays and it is definitely CAP.)

@steve Yes. I'm using my TOTP app.

@Edent Aye - runs in a random pool is something that one needs to learn to expect. There are, of course, other methods for defeating that sort of statistical analysis. One simple example being the so-called "lucky log" die.