In a counter-based OTP system, what is the role of the secret key?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

In a counter-based OTP system, what is the role of the secret key?

Explanation:
The secret key acts as the shared input for generating the one-time password using a keyed-hash function (like HMAC) with the current counter value. The device computes the OTP by applying the hash to the secret key and the moving factor. The server, which also knows that secret key, then recomputes the same OTP for the current counter and compares it to what the user provided. If they match, authentication succeeds. The key isn’t decrypted or publicly shared, and the OTP isn’t “encrypted”; it’s a deterministic output derived from the secret key and the counter, used for verification.
