Closed capegreg closed 10 months ago
ahwm
commented
10 months ago This is in progress, but as noted on #198 a number of popular OTP apps don't support SHA256 including: Microsoft Authenticator and Authy so it's probably not recommended unless you can control the apps being used to some extent.
Given the location where the HMAC is generated there doesn't appear to be a big push or concern (it's only used to generate the time codes).
capegreg
commented
10 months ago Understood and agree with you regarding its isolated use. Interesting that some OTP apps don't support SHA256 yet. Microsoft Authenticator is one of my supported OTP apps. Thank you, Adam.
capegreg
commented
10 months ago Closing issue.
flytzen
commented
9 months ago @capegreg FYI: @ahwm made the change and v 3.2 is on its way to Nuget with this added.
Thank you both.
Can SHA in GenerateHashedCode be updated from HMACSHA1 to HMACSHA256?