OCR with digests other than SHA-1 doesn't work

Authenticator-Extension / Authenticator

Authenticator generates 2-Step Verification codes in your browser.

https://authenticator.cc

MIT License

3.09k stars 728 forks source link

OCR with digests other than SHA-1 doesn't work #1089

Open koerue opened 11 months ago

koerue commented 11 months ago

Describe the issue

When scanning an QR code made with the SHA-256 or SHA-512 digest, the App doesn't respond incorrect OTP's. However OCR scanning SHA-1 hashed QR's returns valid OTP's. You can reproduce the error here: https://www.token2.com/shop/page/token2-totp-toolset-sha256-version (offers SHA-1 also)

When adding the (e.g.SHA-256) secret manually to the extension, this issue doesn't appear.

Browser

Firefox

Browser Version

102.14.0esr

Extension Version

6.3.5

R13e commented 9 months ago

Hi,

I can confirm. Any news on this issue?

Best

Sneezry commented 9 months ago

Hmmm, because the extension only knows SHA256 but not sha256, I will create a PR later.

https://github.com/Authenticator-Extension/Authenticator/blob/dev/src/models/otp.ts#L22