this post was submitted on 07 Jan 2025
915 points (99.6% liked)

memes

[–] [email protected] 16 points 18 hours ago (2 children)

My bank uses a TOTP and they not only block paste, they also block all typing. Instead they pop up a modal with a 0-9 digit keypad and the location of each number changes every time.

Effing obnoxious.

[–] [email protected] 5 points 12 hours ago* (last edited 12 hours ago) (2 children)

That's a security standard preventing keyloggers from guessing your credentials.

[–] [email protected] 10 points 9 hours ago

That's ~~a~~ security ~~standard~~ theater pretending to prevent~~ing~~ keyloggers from guessing your credentials.

FTFY

[–] [email protected] 5 points 12 hours ago

The TOTP changes every time. For modern TOTP hashing I'm not sure how many sequential codes a keylogger would need but I'm guessing more than I will ever enter.

Edit: asked AI for an answer to that because I was curious (maybe it's right):

Start AI

That being said, if an attacker were able to collect a large number of TOTP codes, they might be able to launch a brute-force attack to try to guess the private key. However, this would require an enormous amount of computational power and time.

To give you an idea of the scale, let's consider the following:

- Assume an attacker collects 1000 TOTP codes, each 6 digits long (a common length for TOTP codes).
- Assume the private key is 128 bits long (a common length for cryptographic keys).
- Assume the attacker uses a powerful computer that can perform 1 billion computations per second.

Using a brute-force attack, the attacker would need to try approximately 2^128 (3.4 x 10^38) possible private keys to guess the correct one. Even with a powerful computer, this would take an enormous amount of time - on the order of billions of years.

[–] [email protected] 4 points 18 hours ago (1 children)

Bank developer played too much RuneScape?

[–] [email protected] 5 points 18 hours ago

Lmao I was just about to comment, their bank must have hired a UX designer from Jagex lol