
How random are TOTP codes?


I'm pretty sure that the 2FA codes generated by my bank's TOTP app have a bias towards the number 8 - because eight is an auspicious number. But is that just my stupid meaty brain noticing patterns where none exist? The TOTP algorithm uses HMAC, which in turn uses SHA-1.

Is it possible that a TOTP code could be formed which shows a clear bias to a specific number? I love being able to check the source code - but sometimes it's just as reassuring to measure the output.
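One way to measure the output, as an added example that is not code from the original post: an RFC 4226/6238 SHA-1 code generator with a per-digit tally and a chi-square statistic. The secret is the published RFC test key and the counter range is arbitrary (both are assumptions); the bank app's real secret and parameters are not known.

```python
import hashlib
import hmac
import struct
from collections import Counter

# Published RFC 4226/6238 SHA-1 test key, used here as a stand-in secret.
SECRET = b"12345678901234567890"

def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP/TOTP code for one counter value (TOTP: counter = unix_time // 30)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def digit_counts(secret: bytes, start: int, steps: int, digits: int = 6) -> Counter:
    """Tally every digit over `steps` consecutive time steps."""
    counts = Counter({str(d): 0 for d in range(10)})
    for counter in range(start, start + steps):
        counts.update(totp(secret, counter, digits))
    return counts

def chi_square(counts: Counter) -> float:
    """Pearson statistic against a uniform digit distribution (9 d.o.f.)."""
    expected = sum(counts.values()) / 10
    return sum((counts[str(d)] - expected) ** 2 / expected for d in range(10))

if __name__ == "__main__":
    # Constructed sample: 20,000 consecutive 30-second steps.
    counts = digit_counts(SECRET, start=56_000_000, steps=20_000)
    for d in "0123456789":
        print(d, counts[d])
    # Values above ~16.92 would reject uniformity at the 5% level.
    print("chi-square:", round(chi_square(counts), 2))
```

The only structural skew in this truncation is that 2^31 is not a multiple of 10^6, so six-digit codes below 483648 have 2148 possible preimages against 2147 for the rest. That difference is far too small to notice by eye.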
