Am working on a project that uses the one time password technology. This feature allows the system to send a randomly generated code to the user's cell phone in form of an SMS whenever a login attempt is initiated. My question is, is such a method hackable under any circumstances?

Open to suggestions.

depends on the implementation;some issues that are possible:

Intercept the password
Force the SMS to the wrong phone
Lack of keyspace for the code
Guessable code
Steal the phone
Non-expiring codes

of course I have no idea since you didn't say what software it was..

-id

Thanks for the response. To further explain my question;

1) We are not using any third party software.
2) When you said intercept the password, do you mean a vulnerability from the backend? I guess though, or via some advanced bluetooth/sms traffic hijacking.

3) Forcing the sms to the wrong number can only occur if the application itself has a hole that is accessible by an attacker.

4) What do you mean by "Lack of keyspace for the code"
5) The code I believe will not be guessable as it's not reusable and it expires after a very short time (say 5 minutes). More so, three failed trials result to a temporary account suspension.

Finally, I think my question was meant to be: How can A one time password be compromised from/by a user aside from the phone being stolen?

1) Homegrown security solutions tend to suck, not saying yours does, just that odds are in favor of it.

2) Well, you have to trust the SMS gateway, the protocol you're delivering it to the gateway with (ie: email). Then as you mention bluetooth hijacking, viruses on the phone or even call interception.

3) see #1

4) Lets say you only use 4-5 digits, which is common, an attacker may just brute force it for a day or for weeks...harder to do than static password, but not impossible, and if I get the user's pin even easier.

5) what PRNG are you using? Have you read FIPS-140? With your 3 failed lockout, can an attacker DoS your business?

So yes, there's lots of ways a one time password can be compromised, I don't have all of them listed here, but interception, guessing and circumnavigation of the authentication are the obvious ones.

-id



Edited 1 time(s). Last edit at 11/03/2009 03:36PM by id.

Thank you for the explanation, I have it noted.

Numbers are brute forced pretty much instant, any password should be a minimum of 12 characters A-Z 0-9 and special chars of choice. No less. These days, distributed computing makes it a fairly easy task to attack insecure passwords quickly. Some (albeit distributed) systems have the capacity to guess 1,4 billion passwords a second. a 12 char password on such system still takes hundreds of years, whereas a number password of 6 to 8 is guessed instant, even on a Pentium I this can be done in mater of minutes.



Edited 1 time(s). Last edit at 11/07/2009 10:20AM by rvdh.

Oh, and I believe you are actually talking about two factor authentication unless the user doesn't actually have a PIN or password that goes with the OTP.

And Ronald, I don't think password length is mattering much here, since it shouldn't matter if you crack a OTP. I haven't seen a analysis of OTPs attacking the keyspace, but with a good PRNG the limiting factor should be response time of the system and the key length.(though it is a much smaller factor in bruteforce)

-id



Edited 1 time(s). Last edit at 11/08/2009 11:28AM by id.

It will definitely not just be numbers, rather an A-Z 0-9 characters as you have stated would be deployed. Thank you for the points though.

For nitation:

Can you do onething. You must be having a user generated login name/password for submitting to the login form. Encrypt the text with this loginname/password as a key.....so even if somebody gets this key he would not be able to login until he is using the correct other criteria for logging in to such thing.

NEVER USE ANY ALGORITHM TO GENERATE OR CHECK SUCH REQUESTS IF VISITORS ARE LESS.

I advice generate them and store in a table, so only a handful of them are valid, so that even somebody figures out the algorithm you are using to generate these codes still he can never login unless he generates the same code as you are having in the table, which is a very rare chance. As these codes are deleted marked them as invalid and keep a history of all such codes which will always help you in getting to the root of any successful illegal authenticated login.

USE MULTIPLE GATEWAYS FOR SENDING SMSs

You will find a lot of gateways over internet for sending such text messages. Buy 4-5 of them at a time and make a algorithm to randomly select any of them. So even if a hijacker is peeping over your data it is not always possible he figures out the entire thing. Alternatively you can break the code into 2 parts and send them through 2 of these SMS gateways selected at random. So only the user's cellphone which gets both the text will be able to login. Anybody internal to these SMS gatways would not be able to login since he will have the half code only.

Moreover it will lead your system to be fault tolerant. Having multiple SMS gateways won't take your whole login system to be down if any of them is down.