A Brief Analysis of the working Principle of the newly introduced Google Authenticator verification system

  • 2020-06-07 05:18:51
  • OfStack

In order to improve the security of Android, Google introduced Google verification application (Google Authenticator) into Android system to ensure the security of account. The Google authentication application USES the following methods: the user installs the mobile phone client, generates temporary authentication code, and submits it to the server for authentication. Similar authentication systems include Authy. Robbie has published a version of its Go implementation on its GitHub page and has written a blog post explaining how it works.

In general, authentication systems implement time-based cryptographic algorithms known as TOTP(ES13en-ES14en ES15en-ES16en Password). The algorithm is composed of three parts:

1.1 Shared keys (series 1 base 2 data)
2.1 Inputs based on the current time
3.1 Signature functions

1. Shared keys

Users need to obtain a Shared key when creating a mobile authentication system. This can be done either by scanning a given 2-d code with a recognition program or by entering it manually. The key is 3102 bits, but not 6104 bits, as explained by Wikipedia.

For those users who enter the keys manually, the Google authentication system presents the Shared key in the following format:


xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx

256 bit data, although other verification systems may be shorter.

For the scanned user, QR identifies the following URL link:

otpauth://totp/Google%3Ayourname@gmail.com?secret=xxxx & issuer=Google

2. Input based on current time

This input is generated based on the user's mobile phone time. Once the user completes the key sharing in step 1, there is no relationship with the authentication server. However, it is important that the user's phone time is accurate, because from the algorithm principle, the authentication server will repeat the user's phone operation based on the same time. Going forward, the server calculates the token for a few minutes before and after the current time and compares it to the token submitted by the user. So if the time difference is too great, the authentication process will fail.

3. Signature function

The Google signature function USES HMAC-SHA1. HMAC, a hash based message verification code, provides an algorithm that can generate signatures using relatively secure one-way hash functions (such as SHA1). This is how validation algorithms work: only the Shared key owner and the server can get the same output signature based on the same input (time-based). The pseudocode is as follows:


hmac = SHA1(secret + SHA1(secret + input))

The principle of TOTP mentioned at the beginning of this article is similar to that of HMAC, except that TOTP emphasizes that the input 1 must be current time dependent. Similarly, HOTP, which USES incremental counters, requires constant synchronization with the server.

Introduction to algorithm flow

First, the key needs to be decoded with base32. To facilitate user input, Google USES Spaces and lowercase to represent the key. However, base32 cannot have Spaces and must be capitalized. The pseudo-code is handled as follows:


original_secret = xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
secret = BASE32_DECODE(TO_UPPERCASE(REMOVE_SPACES(original_secret)))

The next step is to get the input from the current time, usually Unix time, which is the number of seconds from the start of the current cycle to the present


input = CURRENT_UNIX_TIME()

There is a point here that captcha has a time limit of about 30 seconds. This kind of design is for the convenience of user input, and the captcha that changes every second is difficult for the user to enter quickly and accurately. In order to achieve this timeliness, it can be achieved by divisible into 30, namely:

input = CURRENT_UNIX_TIME() / 30

The last step is the signature function, HMAC-SHA1. All the pseudocodes are as follows:

original_secret = xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
secret = BASE32_DECODE(TO_UPPERCASE(REMOVE_SPACES(original_secret)))
input = CURRENT_UNIX_TIME() / 30
hmac = SHA1(secret + SHA1(secret + input))

Once you've done that, you've basically achieved double validation. Since HMAC is a standard length value of SHA1, with 410 characters, it is difficult for the user to enter it correctly once, so some formatting is required. Refer to the following pseudocode:

four_bytes = hmac[LAST_BYTE(hmac):LAST_BYTE(hmac) + 4]
large_integer = INT(four_bytes)
small_integer = large_integer % 1,000,000


Related articles: