GENERATORS OF ONE-TIME TWO-FACTOR AUTHENTICATION PASSWORDS

The paper presents algorithms for generating a one-time two-factor authentication passwords where application of trigonometric functions have been considered. To protect the opening of a one-time password, a secret string is read that consists of a sequence of randomly generated characters. The second factor is due to the fact that that the code has a certain validity period. The presented password generators allow the formation of secret words and trigonometric functions that the proposed two-factor authentication method consists of. The algorithm presented was implemented in Java Script. The algorithm includes blocks for checking randomly generated words and functions.


Introduction
Ensuring the safety of confidential information must begin with identifying a system of threats, that is, negative processes that contribute to information leakage. In the modern world, the storage of electronic information, its value and significance has increased many times over. The need to ensure the safety of data storage, regular change and verification of passwords and control of the probability of information leakage have become an integral part of the information system. One of the most common methods of protecting information is password access to data. However, along with the undoubted advantages, this method of data protection has certain disadvantages: you can forget the password, it can be "hacked". A two-factor authentication data protection system based on one-time password generation is proposed.
This article describes the results obtained when developing a generator of trigonometric functions and secret words for generating a one-time two-factor authentication password based on an application using a smartphone.

Material and methods
The proposed system of information protection based on twofactor authentication using a combination of two factors: permanent and one-time passwords [7]. The user chooses a permanent password (the first factor) himself and uses it when registering an account. Before authorization must be registered in the application. After that, the application starts to enter user data (login and password), which must correspond to the registered data.
Then you need to enter the application on your smartphone and enter the initial data to generate a temporary password. A onetime or temporary password (the second factor) is generated on the server by the proposed algorithm [7] and is valid for a specific period of time for one authentication session. The time in the application is 20 seconds. The advantage of a one-time password is that the password is not reused. Thus, an attacker who intercepted data from a successful authentication session cannot use the copied password to gain access to the protected system. One-time password generation is possible online. The software sends a request to the authorization server to generate a temporary password. It is generated on the server and displayed to the user in additional software on the smartphone. The password has a short duration -20 seconds. The one-time password is generated based on the result of the selected trigonometric function, which has a number of variables generated based on the result of the SHA256 hash function [4, 5]. The input string for the hash function is a combination of user credentials, the current Greenwich Mean Time, and an additional secret string. The result of the hash function is divided into individual numbers, which will be the indices for selecting the function and its initial data. The secret string is a required field that will be randomly selected from the array. The secret line is changed at each input, due to which it will be much more difficult to open the initial input line, which allows to further strengthen the protection. The data for the input string has the values: login, password, current date, time and secret string. The next step to generate a password will be the result of the SHA256 hash function, which underlies the choice of the trigonometric function.

Secret word generating
For the formation of a secret string, a generator has been developed that allows one to randomly form words. Word dictionaries were not used, as words are easier to crack [3,6]. The generator is based on the use of the Latin alphabet of capital and uppercase characters in a total of 52. The length of the generated word is 5 characters.
In the final code, the algorithm described above is implemented in the Java Script language and has the following form: For the analysis of the generator used the method of complete enumeration [1,2]. According to this method, the length of the string is taken into account (the length of the string is 5 characters in the appendix) and, for example, the search speed of 100,000 words per second is used. The number of options is calculated by the formula: (1) where A is the number of characters and n the length of the string.
An example of the analysis of the generator is presented in table 1. Due to the fact that, according to the developed two-factor authentication algorithm, the generation of a one-time password occurs every 20 seconds, the probability of hacking the generated secret word is almost impossible. This confirms the efficiency of the proposed generator.

Trigonometric Function Generator
As stated above, the generation of a one-time password is based on the result of the selected trigonometric function, which has a number of variable parameters. The choice is made in accordance with the result of the obtained hash function of the SHA256 standards, where the first characters are used, which will be indices in a table of 256x256 dimension. By this index, the function will be selected and its parameters will be determined. According to the results of the calculation, digits after the comma are taken as a one-time temporary password, starting from the 5th position and 6 digits long.
The resulting number will be a temporary password that must be entered into the application. To implement this method, a generator of trigonometric functions has been developed, the use of which will greatly facilitate the formation of these functions. The algorithm of the generator of the trigonometric function is shown in Figure 1 To generate a trigonometric function, the number of variables is taken as the basis. There are 7 of them in this generator: a, b, c, x, y, p1, p2. Initially, a list of variables is formed, resulting in a random number of variables Count from 1 to the number of variables minus 1. Then, the array is searched through the array with certain variables N-times based on a random number from 0 to the length of the array minus 1.
Read variable from the array, which is added in the new array and removed from the old.
After the cycle is completed, a list of variables for the function is formed.
Based on this list, the constituent parts (Math.sin (a), 1 / Math.tan (p2)) of the format -"['Math.sin ()', 'Math.cos ()', 'Math.tan ( ) ',' (1 / Math.tan ()) ',' () '] ".The ComponentsCount function (the number of elements minus 1) starts the loop through the array with the generated variables. In the loop at each step, a random number componentIndex from 0 to componentsCount is formed. The element with the corresponding value of the compo-nentIndex index is converted by replacing the symbol "with a variable from the list and added to the new array.
As a result, a list of component parts with variables is formed. Next, rows are formed based on a random number from 1 to 3. In the cycle, the components, separated by signs of mathematical expressions, merge randomly.
After receiving the strings, they are joined separated by mathematical expressions.  // string of results returnfunc = variablesBlock + funcBlock } FunctiongetRandomInt(min, max) { // function to get a random number for a given range returnMath.floor(Math.random() * (max -min + 1)) + min; } As a result, we obtain a generated string function, which we use to calculate a one-time two-factor authentication password.

Conclusion
The use of generators to work in the formation of a one-time password, allows you to enhance the level of protection of the described system. Entropy is traditionally a measure of the strength of passwords -a measure of uncertainty, usually measured in bits. One bit entropy corresponds to the uncertainty of the choice of two passwords, two bits of 4 passwords, etc. The strength of a password should be considered only in the context of a specific password authentication system. This is due to the fact that different systems in varying degrees implement (or do not implement at all) the mechanisms for counteracting attacks aimed at breaking passwords, and also because some systems contain errors or use unreliable algorithms.