How random are TOTP codes?
I'm pretty sure that the 2FA codes generated by my bank's TOTP app have a bias towards the number 8, because eight is an auspicious number. But is that just my stupid meaty brain noticing patterns where none exist?

The TOTP algorithm uses HMAC, which in turn uses SHA-1 (the default hash for TOTP; SHA-256 and SHA-512 are also allowed). My aforementioned brain is not clever enough to understand how that works, although bigger, meatier brains have assured me it is fine.

What happens if I sample, say, the next 10 TOTP codes and plot how often digits appear?

HOLY SHIT...
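The experiment described above, reproduced as an added example (this is not code from the original post): a from-scratch TOTP (RFC 6238 over RFC 4226 HOTP) using HMAC-SHA1, then a digit histogram over the next N codes and a chi-square statistic so the eye's pattern-matching can be checked against a number. The secret `DEMO_SECRET` and the starting timestamp are constructed for the demo; the only real reference values are the RFC 6238 Appendix B test vectors, which use the ASCII secret `12345678901234567890`. Ten codes is sixty digits, far too few to say anything; the demo also runs ten thousand.

```python
import hashlib
import hmac
import struct
from collections import Counter

# Constructed demo secret and start time (not from the original post).
DEMO_SECRET = b"demo-bank-totp-seed-0001"
DEMO_START = 1_700_000_000


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                     # low nibble of the last byte picks the window
    window = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF  # clear the sign bit
    return str(window % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         digestmod=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to floor(time / step)."""
    return hotp(secret, unix_time // step, digits, digestmod)


def next_codes(secret: bytes, start_time: int, n: int, step: int = 30, digits: int = 6) -> list:
    """The next n consecutive codes, one per time step, starting at start_time."""
    return [totp(secret, start_time + i * step, step, digits) for i in range(n)]


def digit_histogram(codes: list) -> dict:
    """How often each decimal digit appears across all positions of all codes."""
    counts = Counter("".join(codes))
    return {d: counts.get(d, 0) for d in "0123456789"}


def chi_square(hist: dict) -> float:
    """Chi-square statistic against a uniform distribution over the ten digits
    (9 degrees of freedom; the 5% critical value is about 16.92)."""
    total = sum(hist.values())
    expected = total / 10
    return sum((c - expected) ** 2 / expected for c in hist.values())


if __name__ == "__main__":
    for n in (10, 10_000):
        hist = digit_histogram(next_codes(DEMO_SECRET, DEMO_START, n))
        print(f"{n} codes, {sum(hist.values())} digits:", hist)
        print("  chi-square:", round(chi_square(hist), 2))
```

Note that the modulo at the end of dynamic truncation does introduce a tiny, provable bias: 2^31 is not a multiple of 10^6, so the lowest code values are reachable by one more 31-bit input than the highest ones. That bias is on the order of one part in two thousand and sits in the leading digit, not on the digit 8 specifically; a histogram of ten codes cannot see it.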
Read more at shkspr.mobi