(System Design 23/100) Turn on Airplane Mode. Google Authenticator still generates an OTP
Interviewer 👨‍💻
Turn on Airplane Mode. Google Authenticator still generates an OTP that the server accepts.
How do both generate the exact same 6-digit code without any communication? 🤔
Most developers know how to use Google Authenticator.
Far fewer know how it actually works.
━━━━━━━━━━━━━━━━━━━━
1️⃣ The Secret Setup
When you enable 2FA:
🔑 The server generates a secret key.
Example:
"JBSWY3DPEHPK3PXP"
The same secret is stored:
✅ On your phone
✅ On the server
Usually through a QR code scan.
━━━━━━━━━━━━━━━━━━━━
2️⃣ How the OTP Is Generated
Google Authenticator uses TOTP (Time-Based One-Time Password).
Every 30 seconds, both the phone and server calculate:
OTP = HMAC(secret, currentTimeWindow)
Flow:
🔑 Secret Key + ⏰ Current Time
⬇️
HMAC-SHA1
⬇️
6-Digit OTP
Since both sides have:
✅ The same secret
✅ Nearly the same time
They generate the same code independently.
━━━━━━━━━━━━━━━━━━━━
3️⃣ Why No Internet Is Needed
Phone:
🔑 Secret + Time → 123456
Server:
🔑 Same Secret + Same Time → 123456
No API call.
No network request.
No communication.
Just the same mathematical calculation on both sides.
━━━━━━━━━━━━━━━━━━━━
4️⃣ What If the Clocks Differ?
Small clock differences happen.
To handle this, servers usually accept:
✅ Current time window
✅ Previous window
✅ Next window
This allows a small amount of clock drift without compromising security.
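An added example (not from the video or its author): the calculation from sections 2 to 4 written out in Python following RFC 6238, including the truncation step that turns the HMAC-SHA1 output into 6 digits. The names `Verifier`, `drift_windows` and `last_step` are chosen here for illustration, and the one-use-per-time-step check is an addition from RFC 6238 that the page does not mention.

```python
import base64, hashlib, hmac, struct, time

STEP, DIGITS = 30, 6  # 30-second windows and 6-digit codes, as on the page

def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """RFC 6238 code for the time window containing unix_time."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = int(unix_time) // step                  # currentTimeWindow
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Server side: accepts previous/current/next window, each step only once."""
    def __init__(self, secret_b32, drift_windows=1):
        self.secret, self.drift = secret_b32, drift_windows
        self.last_step = -1  # highest time step already accepted

    def verify(self, submitted, now):
        current = int(now) // STEP
        for step_no in range(current - self.drift, current + self.drift + 1):
            expected = totp(self.secret, step_no * STEP)
            # constant-time comparison of the two codes
            if hmac.compare_digest(expected.encode(), str(submitted).encode()):
                if step_no <= self.last_step:
                    return False  # same or older step already used: replay
                self.last_step = step_no
                return True
        return False

if __name__ == "__main__":
    secret = "JBSWY3DPEHPK3PXP"     # example secret shown on the page
    phone_clock = time.time() - 30  # constructed: phone runs one window behind
    code = totp(secret, phone_clock)
    server = Verifier(secret)
    print("phone code:", code)
    print("first submit accepted:", server.verify(code, time.time()))
    print("replay accepted:", server.verify(code, time.time()))
```

Widening `drift_windows` lengthens the time a captured code stays usable, which is why the verifier also remembers the last accepted step.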
━━━━━━━━━━━━━━━━━━━━
🎯 Interview Answer
"Google Authenticator uses TOTP, where both the phone and server share the same secret key. Every 30 seconds, they independently generate an OTP using HMAC-SHA1 and the current time window. Since both have the same secret and time reference, they produce the same 6-digit code without any network communication."
Follow @ITWarriorShubham for more System Design and Backend Engineering interview questions 🚀
#Security #Authentication #2FA #OTP #TOTP #CyberSecurity #BackendDevelopment #SystemDesign #SoftwareEngineering #TechInterview
Video "(System Design 23/100) Turn on Airplane Mode. Google Authenticator still generates an OTP" from the ITWarriorShubham channel
Video information
Yesterday, 7:02:55
00:00:25