Discover and read the best of Twitter Threads about #mAadhaar

Most recents (1)

Looks like #mAadhaar is back in the news again because of @fs0c131y. For those who are wondering what the problem is with the OTP code of mAadhaar, a short primer follows: 👇
1. Clients need secrets to talk with servers. Usually clients need to authenticate themselves. (Password).
2. In this case, the password is the OTP. Unlike a password, which is in *your head*, the OTP is a dynamic password sent to the phone via SMS. So if the OTP is revealed?
3. Whoever gets the OTP becomes you. This is not a new type of attack, but one that we see in banking all the time. So what does mAadhaar use the OTP for?
4. It exchanges a secret with the Android app. And the secret is then used to generate VID, TOTP, etc.