As far as I understand, you want to know how 2FA apps (like Google Authenticator or similar) could work. As you surely know, the mobile can generate a token that can be used, and it works even if the generator device is offline; after some time, the token expires and a new token is generated. To do this, there is an important requirement: the system time on the generator device and the server (you use for logging in) must be the same. one millisecond but the token would be generated and displayed at the wrong time.

You tell the login server that you trust this phone. The key server creates a key and sends it out to the key generator (the mobile phone). Every minute (it could be another time but this needs to be specified), your phone encrypts the time using the key. When logging in, the server calculates the last time a key is generated and generates a key.

You may get better security using asymmetric encryption: The key generator (phone) creates a key pair and sends out the public key to the login server. You tell the login server that you trust this phone and the key server accepts the key from the phone. Every minute (it could be another time but this needs to be specified), your phone signs/encrypts the time using its private key (that results in the 2FA token). When logging in, the server decrypts the phone's token (that you entered) using the public key. The server tests if the decrypted token matches the time and grants you access (or not).

The 2FA token is only 6 digits or something like that. This could be achieved by using the time before encrypting it and takes e.g. The server (that knows the expected key) decrypts the token and does the same thing and compares those abbreviated hashes.

I think that it could also improve the security if the phone initially sends its machine key to the login server with its public key so that both parties use this for hashing.
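
The shared-key flow described in the post above, as an added example that is not part of the original post: the phone and the server each derive a 6-digit token from the current one-minute time step, and the server compares the two. It uses the HMAC-and-truncate construction of RFC 4226/6238 rather than literal encryption of the time; the function names, the `window` drift tolerance and the demo key are assumptions of this example.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # the post's "every minute"; RFC 6238 deployments usually use 30
DIGITS = 6          # the post's "only 6 digits"


def token_for_counter(key: bytes, counter: int) -> str:
    """HMAC the time-step counter and shorten it to DIGITS decimal digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def phone_token(key: bytes, phone_clock: float) -> str:
    """What the offline phone displays for its own clock reading (seconds)."""
    return token_for_counter(key, int(phone_clock) // STEP_SECONDS)


def server_verify(key: bytes, entered: str, server_clock: float, window: int = 1) -> bool:
    """Recompute the token server-side; accept +/- `window` steps of clock drift."""
    current = int(server_clock) // STEP_SECONDS
    ok = False
    for counter in range(max(0, current - window), current + window + 1):
        expected = token_for_counter(key, counter).encode()
        # Constant-time compare, no early exit: timing does not reveal the matching step.
        ok |= hmac.compare_digest(expected, entered.encode())
    return ok


if __name__ == "__main__":
    # Constructed demo key (the RFC 4226 test key); a real key is random and secret.
    shared_key = b"12345678901234567890"
    shown = phone_token(shared_key, phone_clock=65)   # phone clock reads t=65s
    print("phone shows:", shown)
    print("server t=70, same step:", server_verify(shared_key, shown, 70))
    print("server t=130, one step of drift:", server_verify(shared_key, shown, 130))
    print("server t=190, token expired:", server_verify(shared_key, shown, 190))
    print("server t=130, no drift allowed:", server_verify(shared_key, shown, 130, window=0))
```

With `window=0` the clocks must agree on the exact time step, which is the synchronisation requirement the post points out; a larger window trades that strictness for a longer period in which a captured token remains valid.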