I'm pretty sure that the 2FA codes generated by my bank's TOTP app have a bias towards the number 8 - because eight is an auspicious number. But is that just my stupid meaty brain noticing patterns where none exist? The TOTP algorithm uses HMAC, which in turn uses SHA-1. My aforementioned brain is not […]
For anyone who doesn’t read the article, the biases shown in the thumbnail are not the final result. After doing a million runs, every digit had close to the same probability of appearing.
For anyone who doesn’t read the article, the biases shown in the thumbnail are not the final result. After doing a million runs, every digit had close to the same probability of appearing.