BastiaanJansen / otp-java

A small and easy-to-use one-time password generator library for Java implementing RFC 4226 (HOTP) and RFC 6238 (TOTP).
MIT License

Codes not being generated correctly #70

Closed timowevel1 closed 1 year ago

timowevel1 commented 1 year ago

Hey,

probably this is an issue on my end, but I didn't find a discussion forum here.

I try to generate codes, but the codes don't seem to be correct. I think it is related to some time zone issue or something. I am located in Germany, which means UTC+1, and I use the following code to generate the codes:

```java
String code1 = totp.now(Clock.system(TimeZone.getTimeZone("UTC+1").toZoneId()));
```

It then generates a code, but when I try to verify it, it fails. E.g. current codes are (the second one is with 30 seconds delay): image

But correct one would be: image

Do you have any ideas on that?

Thanks!

timowevel1 commented 1 year ago

The issue seems to be with SHA1 and SHA512. SHA1 is deprecated, so I went to SHA512. But e.g. the Microsoft Authenticator uses SHA1 although the URL says `otpauth://totp/test?period=30&digits=6&secret=XSWRT4OXZSTURKQXSFFTMYII55ITYK2Z&issuer=test&algorithm=SHA512`

Edit: The Microsoft Authenticator doesn't seem to support SHA256 or SHA512. The Google Authenticator respects it. That means I will continue with SHA1, as I read it should still be safe for TOTP.
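
To see the mismatch described in this thread, the following added example (not code from the issue or from otp-java) computes RFC 6238 codes for the secret in the URI above with each HMAC variant, using only JDK classes. The class name `TotpAlgorithmCheck` and the Base32 helper are hypothetical, and the time step comes from Unix epoch seconds, so the zone passed to `Clock` does not affect the result.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.time.Clock;
import java.time.ZoneId;

public class TotpAlgorithmCheck {
    // Minimal RFC 4648 Base32 decoder (upper case, '=' padding ignored).
    static byte[] base32Decode(String s) {
        String alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int buffer = 0, bits = 0;
        for (char c : s.replace("=", "").toCharArray()) {
            int v = alphabet.indexOf(c);
            if (v < 0) throw new IllegalArgumentException("not Base32: " + c);
            buffer = (buffer << 5) | v;
            bits += 5;
            if (bits >= 8) { bits -= 8; out.write((buffer >> bits) & 0xFF); }
        }
        return out.toByteArray();
    }

    // RFC 6238 counter (epoch seconds / period) fed into RFC 4226 dynamic truncation.
    static String totp(byte[] key, String hmac, long epochSeconds, int period, int digits) throws Exception {
        Mac mac = Mac.getInstance(hmac);
        mac.init(new SecretKeySpec(key, hmac));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(epochSeconds / period).array());
        int off = h[h.length - 1] & 0x0F;
        int bin = ((h[off] & 0x7F) << 24) | ((h[off + 1] & 0xFF) << 16)
                | ((h[off + 2] & 0xFF) << 8) | (h[off + 3] & 0xFF);
        return String.format("%0" + digits + "d", bin % (int) Math.pow(10, digits));
    }

    public static void main(String[] args) throws Exception {
        // Self-check: RFC 6238 Appendix B vector (SHA1, T = 59 s, 8 digits).
        byte[] rfcKey = "12345678901234567890".getBytes(StandardCharsets.US_ASCII);
        if (!totp(rfcKey, "HmacSHA1", 59, 30, 8).equals("94287082"))
            throw new AssertionError("RFC 6238 test vector mismatch");

        byte[] key = base32Decode("XSWRT4OXZSTURKQXSFFTMYII55ITYK2Z"); // secret from the URI above
        // millis() is Unix epoch time; the Clock's zone does not change it.
        long t = Clock.system(ZoneId.of("Europe/Berlin")).millis() / 1000;
        for (String hmac : new String[] {"HmacSHA1", "HmacSHA256", "HmacSHA512"})
            System.out.println(hmac + " -> " + totp(key, hmac, t, 30, 6));
    }
}
```

Comparing the three printed codes with the one an authenticator app shows for the same secret identifies which HMAC the app actually uses, whatever the `algorithm` parameter in the URI says.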