如果我有一堆OTPs混合,如果我知道他们所有的代种子(OPT URI)我可以按源URI分组吗?
我有一个用例,我需要系统100%对其传递的数据关系视而不见。 例如:用户从他们的智能手机输入OTP而不是他们的登录,一个用户识别条目应该变得非常困难。当导出具有OPT种子的系统的数据时,是否可以重新建立入口的所有权?
答案 0 :(得分:2)
That's possible, but with a big complexity. You will need to generate codes for all seeds you have and then find if there is any match.
Also, there is a chance to receive the same code for different seeds at some moment. To avoid this problem you can ask a user for several consecutive codes, this significantly decreases the possibility of codes matching just by case.