可以将一次性密码用作标识符吗?

时间:2017-03-20 17:55:19

标签: encryption obfuscation one-time-password data-masking

如果我有一堆OTPs混合,如果我知道他们所有的代种子(OPT URI)我可以按源URI分组吗?

我有一个用例,我需要系统100%对其传递的数据关系视而不见。 例如:用户从他们的智能手机输入OTP而不是他们的登录,一个用户识别条目应该变得非常困难。当导出具有OPT种子的系统的数据时,是否可以重新建立入口的所有权?

1 个答案:

答案 0 :(得分:2)

That's possible, but with a big complexity. You will need to generate codes for all seeds you have and then find if there is any match.

Also, there is a chance to receive the same code for different seeds at some moment. To avoid this problem you can ask a user for several consecutive codes, this significantly decreases the possibility of codes matching just by case.