PHPGangsta / GoogleAuthenticator

PHP class to generate and verify Google Authenticator 2-factor authentication
http://phpgangsta.de/4376
BSD 2-Clause "Simplified" License

Secret length too short according to standard #81

Open hannob opened 3 years ago

hannob commented 3 years ago

The secret created by the createSecret() function is too short according to the standard.

The TOTP standard references the HOTP RFC for the algorithm, which is RFC 4226. It says:

   The algorithm MUST use a strong shared secret.  The length of
   the shared secret MUST be at least 128 bits.  This document
   RECOMMENDs a shared secret length of 160 bits.

The secret created in your code is by default 16 bytes base32 encoded. That corresponds to an 80-bit secret. (There is probably a common misunderstanding that people believe 16 bytes corresponds to 16*8 bits, but that ignores the base32 encoding, which reduces the character space by 3 bits.)

In theory, this could be considered a security vulnerability. However, it's a very theoretical one, as 80 bits is still a security level that is probably outside the possibilities of any real attacker. However, it gets somewhat dangerously close to what could be broken by a powerful attacker, so better stick to the recommendation from the standard.

Here's also a blog post discussing too short TOTP secrets (however, I found the blog post a bit confusing and it took me a while to realize that with a 16-byte secret we're still far away from any practical attack): https://www.unix-ninja.com/p/attacking_google_authenticator
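
The length arithmetic from the issue above, as an added example that is not part of the original issue or of the PHPGangsta/GoogleAuthenticator code: it measures how many bits a base32 secret carries and generates one from 20 random bytes (160 bits). All function names are hypothetical, and the 16-character secret is a constructed sample.

```php
<?php
declare(strict_types=1);

const BASE32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'; // RFC 4648

// Hypothetical helper: bits of key material in a base32 secret (5 bits per character).
function base32SecretBits(string $secret): int
{
    $secret = rtrim(strtoupper($secret), '=');
    if ($secret === '' || strspn($secret, BASE32_ALPHABET) !== strlen($secret)) {
        throw new InvalidArgumentException('not a base32 string');
    }
    return intdiv(strlen($secret) * 5, 8) * 8; // whole decoded bytes only
}

// Hypothetical helper: unpadded RFC 4648 base32 encoding of raw bytes.
function base32Encode(string $bytes): string
{
    $out = '';
    $buffer = $bitCount = 0;
    foreach (unpack('C*', $bytes) as $byte) {
        $buffer = ($buffer << 8) | $byte;
        $bitCount += 8;
        while ($bitCount >= 5) {
            $bitCount -= 5;
            $out .= BASE32_ALPHABET[($buffer >> $bitCount) & 0x1F];
        }
        $buffer &= (1 << $bitCount) - 1; // keep only the leftover bits
    }
    if ($bitCount > 0) {
        $out .= BASE32_ALPHABET[($buffer << (5 - $bitCount)) & 0x1F]; // zero-pad the final group
    }
    return $out;
}

// Hypothetical generator: 20 random bytes = 160 bits, the RFC 4226 recommendation.
function createStrongSecret(int $byteLength = 20): string
{
    if ($byteLength < 16) {
        throw new InvalidArgumentException('RFC 4226 requires at least 128 bits (16 bytes)');
    }
    return base32Encode(random_bytes($byteLength));
}

// 'JBSWY3DPEHPK3PXP' is a constructed 16-character sample, not a real secret.
foreach (['JBSWY3DPEHPK3PXP', createStrongSecret()] as $secret) {
    $bits = base32SecretBits($secret);
    printf("%d chars -> %d bits, %s\n", strlen($secret), $bits, $bits >= 128 ? 'meets the RFC 4226 minimum' : 'below the RFC 4226 minimum');
}
```

The 16-character sample reports 80 bits, while the generated secret is 32 base32 characters and reports 160 bits.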