1. T/Key: Second-Factor Authentication From Secure Hash Chains 2017 CCS Hashing Implementation
    Dmitry Kogan, Nathan Manohar, and Dan Boneh
    [View PDF on acmccs.github.io]
    [Show BibTex Citation]

    @inproceedings{10.1145/3133956.3133989,
    author = {Kogan, Dmitry and Manohar, Nathan and Boneh, Dan},
    title = {T/Key: Second-Factor Authentication From Secure Hash Chains},
    year = {2017},
    isbn = {9781450349468},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    url = {https://doi.org/10.1145/3133956.3133989},
    doi = {10.1145/3133956.3133989},
    booktitle = {Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security},
    pages = {983–999},
    numpages = {17},
    keywords = {two-factor authentication, hash chains},
    location = {Dallas, Texas, USA},
    series = {CCS ’17}
    }

Time-based one-time password (TOTP) systems in use today require storing secrets on both the client and the server. As a result, an attack on the server can expose all second factors for all users in the system. We present T/Key, a time-based one-time password system that requires no secrets on the server. Our work modernizes the classic S/Key system and addresses the challenges in making such a system secure and practical. At the heart of our construction is a new lower bound analyzing the hardness of inverting hash chains composed of independent random functions, which formalizes the security of this widely used primitive. Additionally, we develop a near-optimal algorithm for quickly generating the required elements in a hash chain with little memory on the client. We report on our implementation of T/Key as an Android application. T/Key can be used as a replacement for current TOTP systems, and it remains secure in the event of a server-side compromise. The cost, as with S/Key, is that one-time passwords are longer than the standard six characters used in TOTP.

  1.