Ask HN: Are OTPs never prime?
2 points by shreshthmohan 10 years ago | 2 commentsIndian banks use one-time password for two-factor authentication. Prashant (https://twitter.com/pacificleo/status/600132236730441728) is saying that he has never seen an OTP that is prime. Which makes him ask if this is intentional.
- Is this true? If yes, why?
PS: this is my first submission to HN. Thanks.
- shreshthmohan 10 years agoI think that this is just probability in play. OTPs are usually 4 or 6 digits. Probability of seeing a prime number is little because of prime number theorem. I might be wrong though.
- kylc 10 years agoSome digging reveals that a common method for generating OTPs is through repeated hash function applications. A good hash function should produce uniformly distributed outputs.
There are 78,498 primes less than 10^6 (so, primes less than 6 digits), meaning that there is about a 7.9% chance of independently seeing a prime OTP if the OTPs are uniformly distributed. That seems pretty high. The expected value for seeing a prime OTP after multiple trials is just 15.
So I wonder if your friend is just unlucky or if his OTP provider is using another method for OTP generation.
- kylc 10 years ago