CA Strong ArcotOTP-OATH (TOTP)?

Article ID: 253803

Products

CA Strong Authentication, CA Advanced Authentication

Issue/Introduction

How does the correlation work between a user's USERNAME and the seed generated at the time of enrollment and authentication (the seed stored in the SHAREDSECRET column of the ARWFARCOTOTP table)?

Does the generated and encrypted "string value" stored in the SHAREDSECRET column rely on some specific mechanism that makes use of the USERNAME value?

How are the "string values"/seeds stored in the SHAREDSECRET column encrypted? Does CA Strong use the Master Key to do that?

Environment

Release : 9.1.xx (Applicable to all the supported releases)

Component: CA Strong Authentication

Resolution

The username is referenced by the UserRefID column of the ARWFARCOTOTP table. That UserRefID has the corresponding username listed in the ARUDSUSER table, so during the transaction the username is fetched from the ARUDSUSER table.

The seed is encrypted with the PIN, the HOTP, and then 3DES-encrypted and stored in the SHAREDSECRET column.

The MasterKey is used only for encrypting the contents of the securestore.enc file, which contains the connectivity parameters for the database.

Additional Information

See the following documentation for additional information:

How to Work with Mobile OTP