• 7
    I guess you steal the secret used to generate TOTP tokens.
  • 4
    Check out HMAC, the private key for time based 2fa auth (TOTP) is shared between both parties
  • 1
    Not too hard, iirc.

    Since in rsa you have two primes, and primes become rarer and rarer when you go up, with a good enough list you might be fine with doing 0.001*sqrt(number)^2 checks with 0.001 being a VERY high estimate for how sparse primes are.

    alternatively, you can havea lehmer sieve which can factor immense numbers in a few seconds.

    I have never actually tried either, so take this with a grain of salt
  • 4
    Maybe they mean the pregenerated recovery codes you use when you lose your 2FA token?
  • 2
    2 ways they could of done it.

    1 hack the actual phones of the users or the token API but that is unlikely in my eyes

    The second option I feel is a lot more likely, they had an issue in how they check for 2fa. There are a lot of different ways to do 2fa so they might have fucked it up. This happened with Google before... Kinda if a hacker was able to login to someone's account with their 2fa then they could do a state glitch to indefinitely use a 2fa code that they set even if the user got back into the account. I wrote this just to show the complexity of 2fa and how it can be hacked
  • 1
    @BinaryByter Sorry, but that doesn't work. Strictly speaking it does, but there are still too many number.
    A normal sized key has 617 (decimal) digits.
  • 3
    Hacking the database with all the secrets?
    This doesn't seem to be an attack on authentication mechanism, but rather a normal database leak.
  • 2
    @sbiewald 617? I know RSA but never heard of the standard size of the prime number to implement, people usually use that high?
  • 2
    @devTea 2048 bit.

    The two large primes usually have half the length (which is still too large to guess).
  • 1
    @sbiewald the standard is 2048 bit sized number?
  • 1
    @devTea The RSA has the public key (e, N). N is the product of the two secret prime numbers. e is some other number.

    N usually has a size of 2048 bits (or larger). This results in each prime number of having a size of 1024 bits.
  • 1
    @sbiewald You only need to guess one number, btw. That makes AT UPPER MOST n tests to perforn. Pair that with a good list of prime (easily generated sitg a lehmer sieve) and you are done in a few.
  • 0
    @BinaryByter A good list of primes?
    Both primes are very large (ideally about the same length), it is impossible (*) to get that large list of them.
    There is an uppermost, for sure, but you still need a huge amount.

    The square root of 10^657 (note: the actual value of the public key is different, but it doesn't matter much) is 31622776601683793319988935444327185337195551393252168268575048527925944386392382213442481083793002951873472841528400551485488560304538800146905195967001539033449216571792599406.

    There are a lot of prime numbers up to that.

    (*): With enough time... But I bet you still want to be alive to see the results :)
  • 0
    @sbiewald I'll put this to the test when i have time, but that number still looks okay to do lol. I might be stupid, lol
  • 0
    Secret stealing or factoring is possible, but definitely the hard way.

    I'd put my money on sms hijacking. Or if you can social engineer a rep to reset your secret "I broke my phone and now my 2fa app is inaccessible!" They might just hand you the new secret.
Add Comment