From: Tim Düsterhus Date: Wed, 25 Nov 2020 10:08:28 +0000 (+0100) Subject: Explain the choice of the backup code parameters X-Git-Tag: 5.4.0_Alpha_1~555^2~28^2 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=f001a5e9e7d59bf4ff1c3a8c2c748f204c03eee1;p=GitHub%2FWoltLab%2FWCF.git Explain the choice of the backup code parameters --- diff --git a/wcfsetup/install/files/lib/system/user/multifactor/BackupMultifactorMethod.class.php b/wcfsetup/install/files/lib/system/user/multifactor/BackupMultifactorMethod.class.php index dbd7d44bc2..2110781ac0 100644 --- a/wcfsetup/install/files/lib/system/user/multifactor/BackupMultifactorMethod.class.php +++ b/wcfsetup/install/files/lib/system/user/multifactor/BackupMultifactorMethod.class.php @@ -30,6 +30,19 @@ class BackupMultifactorMethod implements IMultifactorMethod { */ private $algorithm; + // 4 chunks of 5 digits each result in code space of 10^20 which + // is equivalent to 66.4 bits of security. The unhashed 3 chunks + // of 5 digits result in 10^15 which is equivalent to 49.8 bits + // of security. + // This is sufficient for a rate-limited online attack, but a bit + // short for an offline attack using a stolen database. In the + // latter case the TOTP secret which needs to be stored in a form + // that allows generating valid codes poses a far bigger threat + // to a single user's security. + // Thus we use a 20 digit code. It gives users a warm and fuzzy + // feeling that the codes cannot be easily guessed (due to being + // longish), while not being unwieldy like a hexadecimal, base32 + // or base64 string. public const CHUNKS = 4; public const CHUNK_LENGTH = 5;