Every once in a while the question of MD5 security and Mobile-OTP comes up.
This is a brief statement why there is no practical relevance of MD5
vulnerabilities for the security of Mobile-OTP:
- MD5 collision attacks are not what you are looking for to attack
Mobile-OTP in the first place. An attacker does not even get access to
a full MD5 hash but only its first 24 bits.
- To even try a brute-force attack on the Mobile-OTP secret and PIN, an attacker
would need to get hold of several of the 24 bit one-time-passwords to match against
78 bits of secret data.
- Even if MD5 collision attacks were relevant, there is no significant room for
collisions. Mobile-OTP maps between 78 and 142 bits of data to an MD5 hash of