Google Authenticator

from Wikipedia, the free encyclopedia
Google Authenticator
Basic data

Developer: Google
First release: September 20, 2010
Current version: 1.02 (November 9, 2016)
Operating system: Android, iOS, BlackBerry OS
License: non-free software license; Apache License, Version 2.0
German-language: yes
play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

Google Authenticator is a mobile app from Google Inc. It enables two-step authentication using one-time passwords in accordance with the cross-industry Initiative for Open Authentication (OATH). In a non-RFC-compliant implementation with shortened secret keys, it supports the HMAC-based One-time Password Algorithm (OATH-HOTP) according to RFC 4226, a counter-based one-time password procedure, and the Time-based One-time Password Algorithm (OATH-TOTP) derived from it according to RFC 6238, a time-limited one-time password procedure.

functionality

The server that offers a login protected by Google Authenticator generates an 80-bit secret during initial setup, which the user has to transfer to a personal device, usually a smartphone. For this purpose, the secret is transmitted as a QR code or as a character string in Base32 representation.

The unencrypted transmission is a weakness, as is the fact that the secret is stored in clear text on the device. Contrary to the specification in RFC 4226, the Google Authenticator method uses only an 80-bit secret; according to RFC 4226, the secret should be at least 128 bits long, and 160 bits are recommended. Since the secret is the shared secret of the whole procedure, it may only be read off on a trustworthy computer. A photograph of the QR code would also compromise the secret.

After this first step, the secret is ideally known only to the server and the user's personal device and should never leave this storage. For authorization, a one-time password is generated, which is calculated from the current time and the secret. For this reason, the clocks of client and server must be approximately synchronized. The pseudocode below yields a new password every 30 seconds. In practice, the server can be programmed to also accept the preceding and following code in order to tolerate client clock deviations of up to one minute. According to the specification, a counter that is incremented on both sides with each login can serve as the basis instead of the time. However, this variant is currently not used.

When logging in, the user must now enter the generated one-time password in addition to the normal password. The secret required to generate the one-time password is no longer transmitted and can therefore not be intercepted.

By its design, Google Authenticator reliably protects against keyloggers and the capture of passwords as they are entered, but not, unlike FIDO U2F, against man-in-the-middle attacks in which an attacker presents a fake login page. In addition, most providers allow certain computers to be designated as trusted clients from which logins can be made without a one-time password. If an attacker gains access to such a computer, the additional protection is no longer available.

Weak points

The authenticator stores the secrets agreed with the servers in clear text in an SQLite database on the mobile device. The security of the procedure therefore depends on the security of the operating system used. If this security is compromised by the user (for example by rooting the smartphone) or by security gaps in the operating system, the secrets can be read out without the knowledge of the authorized user and used to calculate one-time passwords; an attacker can thus bypass the additional protection of the two-step process.

If an attacker gains physical possession of the mobile device, the secrets can be read from its storage, even when the device is switched off, unless the entire device is encrypted.

Despite certain weaknesses in the implementation details, using two-factor authentication even with this app yields a large gain in security, since the effort required of an attacker is considerably higher than with one-factor authentication using only a password.

Pseudocode

   function GoogleAuthenticatorCode(string secret)
       key := base32decode(secret)
       message := floor(current Unix time / 30)          // time-step counter, encoded as an 8-byte big-endian integer
       hash := HMAC-SHA1(key, message)                   // 20-byte digest
       offset := low nibble of the last byte of hash     // value in 0..15
       truncatedHash := hash[offset..offset+3]           // 4 bytes starting at the offset
       clear the most significant bit of truncatedHash   // leaves a 31-bit unsigned integer
       code := truncatedHash mod 1000000
       pad code with leading 0s until its length is 6
       return code
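As an added, runnable example (not code from the Wikipedia article or from Google's app), the following Python implements the pseudocode above as HOTP per RFC 4226 and TOTP per RFC 6238, together with the server-side check that accepts the preceding and following code, as the functionality section describes. The function names, the Base32 secret generator and the ±1 step window are assumptions of this example; the 20-byte test key is the one used for the test vectors in RFC 4226 and RFC 6238.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time


def generate_secret(length_bytes: int = 20) -> str:
    """Return a random shared secret, Base32-encoded without padding.

    RFC 4226 requires at least 128 bits and recommends 160 bits (20 bytes);
    the 80-bit secrets the article describes correspond to length_bytes=10.
    """
    return base64.b32encode(secrets.token_bytes(length_bytes)).decode("ascii").rstrip("=")


def decode_secret(secret: str) -> bytes:
    """Base32-decode a secret as shown to the user (case-insensitive, spaces and padding optional)."""
    s = secret.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)  # restore the padding that QR codes and URIs usually omit
    return base64.b32decode(s)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                                            # low nibble of the last byte
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF  # clear the sign bit
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter replaced by the number of elapsed time steps."""
    return hotp(key, unix_time // step, digits)


def verify_totp(secret: str, candidate: str, unix_time: int, window: int = 1, step: int = 30) -> bool:
    """Server-side check accepting the current step and `window` steps on either side.

    window=1 with a 30-second step tolerates roughly one minute of client clock drift.
    Every candidate step is compared in constant time and the loop never exits early,
    so the comparison timing does not reveal which step matched.
    """
    key = decode_secret(secret)
    counter = unix_time // step
    matched = False
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(key, counter + delta), candidate):
            matched = True
    return matched


if __name__ == "__main__":
    # Constructed demo: the RFC test key, shown as the user would see it in Base32.
    demo_secret = base64.b32encode(b"12345678901234567890").decode("ascii")
    now = int(time.time())
    code = totp(decode_secret(demo_secret), now)
    print("secret:", demo_secret)
    print("current code:", code, "accepted:", verify_totp(demo_secret, code, now))
    print("80-bit secret as Google Authenticator uses it:", generate_secret(10))
```

The `verify_totp` loop deliberately checks all `2*window + 1` steps with `hmac.compare_digest` instead of returning on the first hit; that keeps the comparison independent of which step matched and of how many leading characters the candidate shares with a valid code. A production server additionally needs to remember the last accepted step so the same code cannot be replayed within the window.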

Individual evidence

  1. Release 1.02. November 9, 2016 (accessed July 20, 2018).
  2. gitlab.com.
  3. f-droid.org.
  4. RFC 4226: HOTP: An HMAC-Based One-Time Password Algorithm.
  5. RFC 6238: TOTP: Time-Based One-Time Password Algorithm.
  6. Recovering Google Authenticator keys from Android device for backup. Retrieved November 19, 2016 (on Android devices, the secret is stored at /data/data/com.google.android.apps.authenticator2/databases/databases).