One Time Passcodes & Entropy

Tech · 23 May 2021

You’re logging into your bank account and after you enter your password, you’re prompted to enter a code that you just received on your phone.

This Multi Factor Authentication (MFA) uses a second factor like your phone to further verify your identity while you log in.

But, have you paid much attention to what this phone code is? Introducing one time passcodes and entropy…

One Time Passcodes

One time passcodes or OTPs are randomly generated numbers that expire after a set time. OTPs are used as an additional verifying factor on top of your existing passwords. They can appear via sms, phone call, email or an authenticator app like Google Authenticator, Authy or Okta Verify.

These codes should be at least 6 characters in length as per the National Institute of Standards & Technology (NIST) digital identity guidelines. Codes can also be entirely numeric.

Entropy

No, we’re not talking about chemical thermodynamics. In cyber security, entropy measures the number of possible choices when generating a random number. So, a 6 digit passcode has 10⁶ (1 million) possibilities ranging from “000000” to “999999”. The higher the possibilities, the higher the entropy. So, a 6-digit passcode has a higher entropy than a 4-digit passcode, but a lower entropy than an 8-digit passcode.

When you express 10⁶ in binary, 20 bits are required, Log₂ 1000000 = 19.9315 So, you can also say a 6 digit passcode has 20 bits of entropy.

NIST also requires the verifying party to have some rate limiting in place if the passcode is less than 64 bits of entropy (so, practically, every human-readable OTP). Rate limiting is the process by which the verifying party (any app that you’re trying to log into) introduces measures to prevent attackers from trying every possibility repeatedly with no consequences. The verifying party could try:

Letting passcodes to be entered once every 30 seconds. This adds some delay and could thwart attackers.
Locking accounts after x failed attempts.

How are passcodes generated?

Random number generation (RNG) algorithms are at the heart of generating these passcodes. These are not truly random because they are generated by a starting value called a seed. When you see a random number generated by this seed, you cannot guess the next or previous number in the sequence. However, if you know the seed, then the integrity of the RNG system is lost since you can now guess every past and future random number generated by it. Hence, they are called pseudo-random number generators (PRNG) or deterministic random bit generator (DRBG)

Pseudo random number generators are primarily used for generating passcodes. Since the seed is maintained by the passcode generator and should be kept securely.

Why do we need a seed for pseudo-random number generation?

PRNGs use seeds such that after an entire generation of possible random numbers from the seed, the next set of random numbers repeat. This allows us to perform audits since given a seed, another party like an auditor can repeat the process and generate the same sequence of pseudo random numbers as the original set. Usually, hardware inputs are used to create the initial seed. If a pre-generated seed is not used, but rather some default seed (like the system clock) is used, you won’t be able to repeat the randomization.

So, the next time you see passcodes delivered to your phone, you can relive the story of entropy and random number generations until that passcode expires.

Here are some NIST publications covering this in more technical detail:

Liked this post? Share them lest others should find this useful.