Pairwise Authentication of Humans

Here’s an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations.

To mitigate that risk, I have developed this simple solution where you can setup a unique time-based one-time passcode (TOTP) between any pair of persons.

This is how it works:

  1. Two people, Person A and Person B, sit in front of the same computer and open this page;
  2. They input their respective names (e.g. Alice and Bob) onto the same page, and click “Generate”;
  3. The page will generate two TOTP QR codes, one for Alice and one for Bob;
  4. Alice and Bob scan the respective QR code into a TOTP mobile app (such as Authy or Google Authenticator) on their respective mobile phones;
  5. In the future, when Alice speaks with Bob over the phone or over video call, and wants to verify the identity of Bob, Alice asks Bob to provide the 6-digit TOTP code from the mobile app. If the code matches what Alice has on her own phone, then Alice has more confidence that she is speaking with the real Bob.

Simple, and clever.

Tags: ,

Posted on February 10, 2025 at 7:00 AM22 Comments

Comments

Andreas E February 10, 2025 7:54 AM

You can do this without a webpage (i.e. offline): Open KeePass on Alice’s PC, let it generate a decent seed for a TOTP on Alice’s KeePass database and store a copy on Bob’s KeePass database.

Once they’d want to authenticate to each other, they simply both generate the current TOTP and compare.

Zsolt February 10, 2025 8:12 AM

“The page will generate two TOTP QR codes, one for Alice and one for Bob”

Why do you need two TOTP seeds for authentication between exactly two people? The only reason I can think of is if you want mutual authentication at the very same moment. Otherwise a single TOTP seed (shared between the two people) should suffice and assuming that the code generators (e.g. Google Authenticator) generate/show a new code every minute, they can both authenticate the other one just a minute apart.

Zsolt February 10, 2025 8:45 AM

Sorry for the previous question, didn’t check the source/demo. Now I see that the two QR-codes have the same secret/seed (so there’s only one shared secret as I already assumed should be) and only the labels are different. So Alice’s phone shows the label “Bob” and Bob’s phone shows the label “Alice” in the Authenticator app.

Sean February 10, 2025 8:55 AM

Seems to me this is something old, long ago solved by PGP, where you each have the public key of the other, and being in front of the same computer in person you can simply have a key swap instead. About as secure, and also allows the message to be encrypted as well each way.

wiredog February 10, 2025 9:34 AM

This gives Alice confidence she’s talking to whoever has Bob’s phone, and vice versa. Whether Alice and Bob are actually holding the phones may be undetermined.

Jay Ashworth February 10, 2025 11:28 AM

As Jack and Wiredog suggest (and I commented on FB), “verify the identity of Bob” seems to be carrying too much water here: even if you’re sure Bob’s phone hasn’t gone walkabout, this protocol doesn’t guarantee to Alice that it is Bob; something else has to do that — it’s not in-scope here, right?

Me February 10, 2025 2:10 PM

@Harry Potter

You may be a wizard, but I am apparently psychic. I saw the xkcd link, and immediately knew you were talking about the $5 wrench attack.

Anony February 10, 2025 6:47 PM

Has anyone considered man-in-the-middle with AI? AI could handle the conversation, mimic the other person’s voice, etc; Separating into two independent conversations when the time was right; And rejoining the original parties with a time-lag afterwards…

Like a conversation between a CEO & CFO, and inserting a bit in the middle of the conversation about fraudulently cutting a check to some company right away. That sort of thing has been done before, but involved completely faking the entire CEO side, not inserting extra parts into the CEO side in the middle of a real conversation in real time without either party being the wiser.

Kinda puts Britain’s idea about forcing Apple to break their encryption into perspective… I wonder how many such AI phone calls it would take for their higher-ups to see the light? Perhaps just one, done as a proof-of-concept demonstration?

As for the system described above, we already do something similar by asking questions only the correct party knows: What is your childhood pet’s name? Where did you grow up? Who was your high school sweetheart? What color was your first car? Heck, my credit card company verifies me with extra numbers printed on my credit card that only they know.

I actually saw this happen back when I was a kid, with school bullies phoning up other kids pretending to be someone else. My friends & I just exchanged a password, or an unusual response to a standard question like ‘Hows the weather?”, to verify the other party.

This system is just a more complicated version, with more that can go wrong, all so some middleman can make money.

However it does raise interesting questions about AI and modifying existing phone conversations in real time.

anon February 10, 2025 9:38 PM

Actually, it only authenticates the code itself. I have all of my google authenticator tokens installed in two apps on two devices (one is currently dead) and I have an image of the QR code saved in a password manager. Also, some implementations of TOTP don’t change the key once the account has been created.

Pick 2 February 11, 2025 1:09 AM

Simple, clever, and wrong

A pretty good project for a student! Though I have to admit that I don’t understand how AI would play into this scenario at all

Pick 2 February 11, 2025 1:23 AM

Ah, my bad the author’s description here

https://news.ycombinator.com/item?id=42943700

This is a little stupid project that I created after seeing what AI can do nowadays.
In an “ideal” world:

– everybody should start using public/private key cryptography to authenticate each other, but that’s still rather unwieldy nowadays. I’m not aware of any solution with a good UX;

– people would stop posting their photos/videos/audio recordings on the web, and also scrub anything that have been uploaded in the past.

We don’t live in an “ideal” world, and TOTP is pretty widespread now, and you can easily read the TOTP code over the phone, etc. So this solution was born.

So they clearly know what they are doing…

I’m glad you like it. The whole thing might be a bit paranoid, but it was a fun exercise trying to get an LLM to code for me (I used DeepSeek to code the base, and then manually fixed some stuff, and then asked DeepSeek to add i18n for me).

Winter February 11, 2025 5:14 AM

This could supplement the widely common personal “code word” method.

There might be applications or situations where you would not want to use your (secret) code word, eg, when others are present or you are not “private” in another sense.[1] In such situations you might rather use a technical method that is safe against eavesdropping or shoulder surfing.

[1] You could use it as a distress signal itself if and adversary can see and listen what you are doing.

Matt February 11, 2025 5:30 AM

Works really great when Bob calls Alice from an unknown number and tells her he needs some money wired quick because he’s on vacation and had all his personal effects, including his phone, stolen.

Celos February 11, 2025 1:44 PM

TOTP can also be used to have the computer you try to log into authenticate to you and hence it can be used for mutual authentication. No idea why this gets overlooked so often.

Clive Robinson February 11, 2025 8:07 PM

@ wiredog, Jack S, Jay Ashworth,

Yup it verifies the code or the device but not the person.

To do that it needs two things added,

1, Something that the person knows.
2, A challenge and response around it.

The problem is humans are really quite bad at even remembering a bank card pin let alone a longer number, hence we tend to use words or phrases but they in turn cause their own “cognitive workload” issues.

Try asking someone to remember a random four digit number, then ask them to “in their head” add another random four digit number you just give them and tell you the result without writing anything down, or saying anything but the result…

Back more than half a century ago when “mental arithmetic” was a normal everyday thing this was possible for most to do…

Now we have calculators and computers in their pocket or on their wrist many if not most can not do it. Because “it’s a skill they’ve not acquired or practiced from a young age”.

This makes it very difficult for “modern humans” unaided by devices to authenticate securely.

M February 15, 2025 10:23 AM

This would work unless any sort of social engineering is employed.

For instance, there’s a call

“I really need your help. It’s an emergency!”
“Enter the 6-digit code.”
“But it’s an emergency!”

Clive Robinson February 16, 2025 2:21 AM

@ Jay,

With regards “Bad grammar”

Awkward language certainly but You might want to go back a step…

There are actually “four entities” involved in the communication. Two of which are “natural persons” of 1st and 2nd parties and two are alleged facsimiles of the natural persons as presented on some “device” held by each of the natural persons.

In an honest communication none are

“a digital impersonator.”

Nor is there a digital impersonation presented in either device.

However a dishonest communication of the type envisioned requires at least one more entity / party to be an “impersonator”, digital or otherwise that generates a false facsimile to be presented in a device for the purpose of deceiving the party holding it.

It is the facsimile created of the “impersonator” that is the “impersonation”, which is placed into the communication channel prior to either the 1st or 2nd parties “device” with intent to deceive that party.

There is no “quick or easy way” to describe the situation as there is more than one way to perform such an attack.

Which gives the main problem with the method, (which I’ve described off and on now for getting on for a third of a century),

“You are authenticating the communications channel, not the message transaction it carries.”

I first identified this issue back in the very early days of “home banking” prior to the “Internet”, when you used to dial up and connect to the banks systems via a “Plain Old Telephone System”(POTS) phone or modem. But I had assumed incorrectly that breaking into a communications channel once authenticated would be too difficult to accomplish. Because POTS comms were “continuous”, “circuit switched” systems, not “discontinuous”, “packet switched” systems… First X25 then IP changed all of that as “data comms” was made “more efficient” by “multiplexing” packets down a single communications channel. The reality of today is there really are nolonger “end to end” “circuit switched” networks in common use as even the traditional “last mile” is being replaced and radio systems become “trunked”.

Multiplexing is another example of,

“Efficiency -v- Security”

A point that few outside of select circles appear to be sufficiently cognizant of, hence the rapidly increasing numbers of vulnerabilities.

Yes this is a “learning style project” to see what an LLM system can code up. But it’s not “secure” because it does not consider every link in the whole system. I guess you could say,

“Because it was not in the spec.”

Now however it’s out there as a system with a vulnerability that can be exploited…

Leave a comment

Blog moderation policy

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.