Randomly chosen OTPs defaced

Jonas Elfström — Mon, 12 Feb 2007 19:45:00 +0100

Gunnar Kreitz has shown that random chosen OTPs aren't nearly as good as I first thought. Against the current trojan they work just fine but Kreitz describes how a modified and more advanced trojan could be effective.

It seems that in the end the protocol only forces the trojan be more complex, adds a time span for the validity of the OTP and makes the attack more likely to fail (there is no guarantee that the user will enter a second OTP or that he will do it in time). I suppose the attacker also would have to make the trojan completely automated or have a 24/7 staff waiting. If the user has opted in to have the n presented as a CAPTCHA it would force the evildoers to have that 24/7 staff.

Advantages:

A TTL (time to live) for OTPs.
Demands more resources and higher complexity from the attacker.

Disadvantages:

A little harder to use (finding the challenged OTP).
In theory not that much more secure.

My bank has support for sending OTPs by SMS but a trojan that works like the one described by Kreitz would have no problem with that one either.

The protection against phising, as in redirecting the user to a fake login page, is still much greater with randomly chosen OTPs.

I find it a bit ironic that the bank in question actually is going to implement something that sounds like randomly chosen OTPs. They recently announced a change in their login procedure: "Vilken engångskod från kodkortet du ska använda framgår på inloggningssidan." / "What one-time password you are supposed to enter will be presented on the login page."

Personally I think the security tokens with signing abilities sounds more and more reasonable.

Alice, Bob, and Mallory: Randomly chosen OTPs defaced

Randomly chosen OTPs defaced

Advantages:

Disadvantages: