Which one-time password method uses a shared secret and a counter to generate codes instead of time?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Study for the CompTIA SecurityX Test. Equip yourself with comprehensive flashcards and multiple choice questions that include hints and explanations. Gear up for your certification exam!

Multiple Choice

Which one-time password method uses a shared secret and a counter to generate codes instead of time?

Explanation:
The concept tested is event-based one-time passwords, where the code is derived from a shared secret and a counter. This method, HOTP, uses the secret plus a counter that increments with each authentication. Both the client and server hold the same secret and keep the same counter value, and the code is produced by applying an HMAC to the secret and the counter, then truncating to a numeric code. Because both sides compute the same value, the server can verify the login by checking the HOTP generated from the expected counter. This differs from time-based OTPs, which derive the code from the current time rather than a counter, so the code changes with time steps. The other options describe how the authentication message is delivered (in-band vs out-of-band) rather than how the OTP itself is generated, or they refer to the time-based approach rather than the counter-based approach. Thus, HOTP is the method that uses a shared secret and a counter to generate codes instead of time.

The concept tested is event-based one-time passwords, where the code is derived from a shared secret and a counter. This method, HOTP, uses the secret plus a counter that increments with each authentication. Both the client and server hold the same secret and keep the same counter value, and the code is produced by applying an HMAC to the secret and the counter, then truncating to a numeric code. Because both sides compute the same value, the server can verify the login by checking the HOTP generated from the expected counter.

This differs from time-based OTPs, which derive the code from the current time rather than a counter, so the code changes with time steps. The other options describe how the authentication message is delivered (in-band vs out-of-band) rather than how the OTP itself is generated, or they refer to the time-based approach rather than the counter-based approach. Thus, HOTP is the method that uses a shared secret and a counter to generate codes instead of time.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy