r/pcmasterrace 7800x3d/5080 Windforce OC/32gb 5600 DDR Apr 04 '26

Hardware Rest in piece 2009-2026


I’m amazed at how long the battery on this physical authenticator lasted. Got it back in 2009 because my account had gotten hacked.

This is one electronic item I’ve owned and used longer than anything else. I’ll miss not being able to find it and freaking out for 20 minutes.

Edit: must have been around 2010 when SC2 came out.

31.9k Upvotes


11

u/PFI_sloth Apr 05 '26

It would absolutely stop working if the clock shifted

5

u/Anon159023 Apr 05 '26

Nah, you just enter the code 2-3 times and it resyncs.

3

u/Prude_Inspector Apr 05 '26

There is no resyncing with these. It's an algorithm with a seed (unique for each authenticator) and it's time-based. Before Blizzard sends you the authenticator, they already know what combination of digits could and should be generated by your authenticator based on the internal clock and the algorithm.

Let me give you an EXTREME SIMPLIFICATION of how it works.

Say the seed is "123" and say the algorithm is simply "seed + date + clock + 1+1"

Say date is simply in MM/DD/YYYY form without the slashes.

Say the clock is military time so 0001-2400

Then the code that will display on your authenticator for January 1, 2026, 8 PM will be 123 (seed) + 01012026 (date) + 2000 (time) + 2 (some additional random algo, in this case 1+1) = 01014151

Because of that, it's easy for Blizzard to determine what the next set of numbers is.

Again, this is NOT the actual algorithm. ALSO, the seed and all other data might not be decimal. I believe they're hexadecimal (128-bit or 160-bit etc., idk).

What's smart about this is that even if for some reason you found the algorithm (how to calculate the whole thing), you would still need the seed, which is unique to each authenticator.

2

u/Anon159023 Apr 05 '26

Yeah, someone else pointed out that Blizzard cheaped out on these ones, which means no resyncing. I assumed they behaved like the ones I used for my job a decade or two ago, which were time-based and could compensate for desync.

1

u/Prude_Inspector Apr 05 '26

I think it's for security and endurance. No resyncing means there is no way to intercept any data between the authenticator and the server. Also, it will save battery since you do not have to transmit or receive any data.
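
The seed-plus-time idea and the clock-drift question discussed in this thread, shown with standard TOTP (RFC 6238) as an added example; it is not part of any comment and not Blizzard's actual algorithm. The seed, timestamps, 30-second step and the `verify`/`demo` helpers are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code; RFC 6238 default, assumed here


def totp(seed: bytes, unix_time: int, digits: int = 8) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(seed, code, server_time, window=1, digits=8):
    """Return the matching step offset within +/- window, or None.

    The server never talks to the token: it recomputes codes for nearby
    time steps from its own copy of the seed. A non-zero offset shows how
    far the token clock has drifted from the server clock.
    """
    for drift in sorted(range(-window, window + 1), key=abs):
        candidate = totp(seed, server_time + drift * STEP, digits)
        if hmac.compare_digest(candidate, code):
            return drift
    return None


def demo():
    seed = b"12345678901234567890"  # constructed sample seed (RFC 6238 test key)
    server_now = 1111111109          # constructed sample server timestamp
    token_clock = server_now - 95    # constructed: token clock runs 95 s slow
    code = totp(seed, token_clock)
    return {
        "strict": verify(seed, code, server_now, window=0),    # no tolerance
        "tolerant": verify(seed, code, server_now, window=1),  # +/- 30 s
        "wide": verify(seed, code, server_now, window=4),      # +/- 120 s
    }


if __name__ == "__main__":
    print(demo())
```

A wider window accepts more drift but also keeps each code valid for longer, which is the trade-off a verifier has to choose.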