I know that the concept of TOTP is for when the device on which the code is to be verified is separate from the device that is going to generate the code.
However, I was wondering if it is a bad idea to use the TOTP algorithm for generating the verification codes used in email/phone_number verification (where the code is both generated and verified on the same device which is the server).
http://dlvr.it/S0hzRd
G:7-Security (Cyber Security Research and Global Information Security Services)
No comments:
Post a Comment