TOTP issue
#1
Hi all,
I generate a TOTP PIN with a Python library, using the password 'hashcat'.

Code:
import pyotp

# base32_encode(hashcat) = NBQXG2DDMF2A====

totp = pyotp.TOTP("NBQXG2DDMF2A====")
print(totp.at(1572603245)+":1572603245")
test.hash contains PIN + timestamp:
Quote:
915418:1572603245
I launch:
Quote:
hashcat -m 18100 -a 3 -o res.txt test.hash ?l?l?l?l?l?l?l
Status: cracked, result is:
Quote:
915418:1572603245:MJQXE3TDNZYA====
But
Quote:
base32_decode(MJQXE3TDNZYA====) = barncnp
which is not the password 'hashcat'.

Using hashcat-5.1.0+1409.

Thanks for your help.
#2
TOTP collisions can happen for single PIN+timestamp pairs, and so you have found a key that collides with your timestamp and PIN, but is not the proper key. Enable --keep-guessing to get more valid collisions, or add more PIN+timestamp pairs to try and narrow down what the real key is.
#3
Ok, I was not aware that collisions would work with this algorithm!
I confirm that collided passwords generate the same PIN.
Adding --keep-guessing + adding more PINs does find the 'original' password.
Thanks!
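The collision discussed in #2 and #3, as an added example that is not part of the original thread: a standard-library RFC 6238 implementation (HMAC-SHA1, 30-second step, 6 digits) shows both keys matching the single PIN+timestamp pair, and the wrong key dropping out once more pairs are checked. The extra timestamps are constructed, `surviving_keys` and `expected_false_keys` are hypothetical helper names, and the estimate assumes PINs are uniformly distributed over keys.

```python
import hashlib
import hmac
import struct


def totp(key: bytes, timestamp: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, 30 s step, 6 digits."""
    counter = struct.pack(">Q", timestamp // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def surviving_keys(candidates, observations):
    """Keep only the keys that reproduce every (pin, timestamp) pair."""
    return [k for k in candidates
            if all(totp(k, ts) == pin for pin, ts in observations)]


def expected_false_keys(keyspace: int, pairs: int, digits: int = 6) -> float:
    """Expected wrong keys matching `pairs` PINs (assumes uniform PINs)."""
    return keyspace / (10 ** digits) ** pairs


# Values taken from the thread.
REAL_KEY, COLLIDING_KEY = b"hashcat", b"barncnp"
FIRST_TS = 1572603245
# Constructed for this example: two timestamps in later 30-second windows.
EXTRA_TS = [FIRST_TS + 30, FIRST_TS + 60]

if __name__ == "__main__":
    one_pair = [(totp(REAL_KEY, FIRST_TS), FIRST_TS)]
    more_pairs = one_pair + [(totp(REAL_KEY, ts), ts) for ts in EXTRA_TS]
    candidates = [REAL_KEY, COLLIDING_KEY]
    print("1 pair :", surviving_keys(candidates, one_pair))
    print("3 pairs:", surviving_keys(candidates, more_pairs))
    # Keyspace of the ?l?l?l?l?l?l?l mask used in the thread: 26**7 keys.
    for n in (1, 2, 3):
        print(n, "pair(s): ~", expected_false_keys(26 ** 7, n), "false keys")
```

Each additional pair only helps if its timestamp falls in a different 30-second window, since timestamps in the same window produce the same PIN.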