owncloud / twofactor_totp

🔑 Second factor TOTP (Google Authenticator) provider for ownCloud
GNU Affero General Public License v3.0

[QA] FreeOTP on Android complains about weak algorithm #298

Closed jnweiger closed 7 months ago

jnweiger commented 11 months ago

Seen with twofactor_totp-0.8.0-rc.2 on core 10.12.2 using Android FreeOTP Version 2.0.1 (42)

When clicking "use anyway", the protocol works fine. Google Authenticator accepts the code without warnings.

Expected behaviour:

jnweiger commented 8 months ago

reproduced with 0.8.1

cdamken commented 7 months ago

@IljaN is this a real security issue, or are the apps just complaining in order to have a better option?

jvillafanez commented 7 months ago

It seems it's possible to configure sha1 (default), sha256 and sha512 as algorithms to be used by sending an additional algorithm parameter in the otpauth url (which is encoded in the QR). The problem is that we'll need to check the code coming from the mobile using the same algorithm, so we'll have to store the algorithm used somewhere in the DB.

I think this will need several changes in the app because supporting different algorithms doesn't seem to be planned.

Note that switching directly to a different algorithm isn't possible:

We'll have to figure out how we can let the users choose whatever algorithm they want to use.
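The point above, as an added Python example that is not the app's own PHP code: the `algorithm` parameter goes into the otpauth URL at enrolment, the client derives codes with it, and the server has to verify with the same stored algorithm, otherwise a code from a SHA256 enrolment fails a SHA1 check. Function names, the label and the sample secrets are constructed; the secrets are the RFC 6238 reference values.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import parse_qs, quote, urlencode, urlparse

# Hash functions an otpauth URL may name; apps that see no parameter assume SHA1.
HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

def build_otpauth_url(label, secret, algorithm="SHA1", digits=6, period=30, issuer="ownCloud"):
    """Server side at enrolment: the URL that gets encoded into the QR code."""
    params = {"secret": base64.b32encode(secret).decode().rstrip("="), "issuer": issuer,
              "algorithm": algorithm, "digits": digits, "period": period}
    return f"otpauth://totp/{quote(label)}?{urlencode(params)}"

def parse_otpauth_url(url):
    """Client side: what the authenticator app takes from the QR code."""
    query = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    b32 = query["secret"].upper()
    b32 += "=" * (-len(b32) % 8)  # restore the base32 padding stripped for the QR
    return {"secret": base64.b32decode(b32),
            "algorithm": query.get("algorithm", "SHA1").upper(),
            "digits": int(query.get("digits", 6)),
            "period": int(query.get("period", 30))}

def totp(secret, algorithm="SHA1", digits=6, period=30, at=None):
    """RFC 6238: HOTP over the time-step counter with the configured HMAC hash."""
    counter = int((time.time() if at is None else at) // period)
    mac = hmac.new(secret, struct.pack(">Q", counter), HASHES[algorithm]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, the same for every hash length
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(enrolment, code, at=None, window=1):
    """Server side: recompute with the algorithm stored at enrolment, +-window steps."""
    now = time.time() if at is None else at
    for step in range(-window, window + 1):
        expected = totp(enrolment["secret"], enrolment["algorithm"], enrolment["digits"],
                        enrolment["period"], at=now + step * enrolment["period"])
        if hmac.compare_digest(expected, code):
            return True
    return False

if __name__ == "__main__":
    # Constructed enrolment with SHA256; the server must remember that choice.
    url = build_otpauth_url("alice@example.com", b"12345678901234567890123456789012", "SHA256", 8)
    enrolment = parse_otpauth_url(url)
    code = totp(**enrolment, at=59)
    print("verified with stored SHA256:", verify(enrolment, code, at=59))  # True
    print("verified assuming SHA1:", verify(dict(enrolment, algorithm="SHA1"), code, at=59))  # False
```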

jvillafanez commented 7 months ago

From a security perspective, I think it's fine.

The only place where the algorithm is relevant is when the client sends the generated totp code to the server. For the rest of the workflow, the algorithm used doesn't matter. Assuming that someone gets the code sent from the client, the only way to get the secret is by brute force. This is regardless of the algorithm used.

I guess sha256 and sha512 are considered better because they are slower, so in case of a brute force attack it will take more time to figure out the secret. However, in terms of overall security I guess it's the same. Maybe that's why neither Google nor Microsoft have support for those in their apps.

I'm not a security expert, so maybe I'm wrong.

IljaN commented 7 months ago

@hodyroff fyi @IljaN

IljaN commented 7 months ago

@DeepDiver1975 Take a second look, thx

DeepDiver1975 commented 7 months ago

With the latest version of FreeOTP it is no longer possible to add the QR code. @IljaN @jnweiger can you please test as well if possible? THX

IljaN commented 7 months ago

Latest Version (for me) from PlayStore: v2.0.2 (43), it is still possible to add the Token.

InsecureToken

DeepDiver1975 commented 7 months ago

Since supported algorithms vary based on the used authenticator app we would need to ask the user to choose an algo. This is by far user friendly. SHA1 is the agreed default as per specs. Let's just continue to use this as is.

To be re-evaluated in 2024

jnweiger commented 7 months ago

Tested with andOTP 0.9.0.1-play: works just fine. No complaints.
Tested with 2FA Authenticator (2FAS) 5.1.0: works just fine. No complaints.

As far as I can tell, FreeOTP was only mentioned once in https://owncloud.com/news/how-to-use-two-factor-authentication-with-the-owncloud-desktop-client-or-mobile-apps/#setup-your-second-authentication-factor

2FA Authenticator is more prominently mentioned in https://doc.owncloud.com/webui/next/classic_ui/personal_settings/security.html#two-factor-authentication Maybe we should also mention andOTP there?