BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION: 'Title: [T]OTPs are not as secure as you might believe\n W
hen: Friday\, Aug 12\, 17:30 - 17:59 PDT\n Where: Flamingo - Vista Ballr
oom (Crypto Privacy Village) - [1]Map\n\n SpeakerBio:Santiago Kantorowic
z\n Santiago is a Staff Security Engineer at Twilio\, with 14 years of\n
experience in cybersecurity. He worked for 6 years securing and\n des
igning OTP and TOTP products\, such as Authy and Twilio Verify. He\n is
currently dedicated to securing Twilio Voice and video products\n along
with Twilio Edge infrastructure. He started his cybersecurity\n journey
doing Pen Test for 5 years\, and then moved to MercadoLibre to\n kicksta
rt the Appsec deparment. During his journey he discovered\n pasion for o
ther topics and worked on non-security roles such as a\n Product Manager
and as a Product Architect.\n\n Description:\n You likely receive OTP
s (one-time-passwords) all the time\, usually in\n the form of an SMS wi
th a 4 to 8 digit code in it. Pretty common when\n you sign-in (or regis
ter) to Uber\, your bank\, Whatsapp\, etc. The most\n adopted OTP size i
s 6 digits\, and we just accept that it's hard to\n guess\, after all it
's 1 in a million chance\, and leave it there. Some\n may wonder\, what
if get a new OTP after the first one expires\,\n assuming it's another 1
in a million chance\, and forget about it. When\n you calculate the act
ual chance of guessing an OTP one after the\n other\, the odds are NOT 1
in a million. You will be surprised how the\n probabilities spiral once
you start thinking of brute forcing OTPs one\n after the other\, and wh
at about parallelising the brute force among\n different users\, the sur
prise is even bigger.\n '\n\n 1. https://defcon.outel.org/consolidated
_page.html#FlamingoThirdFloor\n\n\n
DTEND:20220813T005900Z
DTSTART:20220813T003000Z
LOCATION:CPV - Flamingo - Vista Ballroom (Crypto Privacy Village)
SUMMARY:[T]OTPs are not as secure as you might believe
END:VEVENT
END:VCALENDAR