ThinkAlexandria / BoringAuth

Straightforward password, passphrase, TOTP, and HOTP user authentication

Arbitrary upper limit to code length? #2

Open jtomazin opened 6 years ago

jtomazin commented 6 years ago

I was trying to generate larger TOTP values and noticed that output values are capped at 2^31 bits -- is there a reason for this? The HOTP paper recommends that an easy way to improve security is to just extract more characters from the HMAC hash.

YetAnotherMinion commented 6 years ago

You are correct. I believe it makes sense to allow extracting all of the bits available in the HMAC hash. So if you are using sha256 you can extract up to 24 characters, if you use sha512 you could extract up to 48 characters.

@jtomazin Would this work for you?
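To make the cap discussed above concrete, here is an added example (not BoringAuth's own code, and not part of the issue thread) written in Python with the standard library's `hmac`. It implements RFC 4226 dynamic truncation, which yields a 31-bit integer and therefore at most 10 meaningful decimal digits regardless of hash size, and beside it a constructed `hotp_full_hash` variant that interprets the whole HMAC output as one integer so that longer codes carry real entropy. The function names, the `window` parameter and the full-hash variant are assumptions made for this illustration; only the RFC 4226 truncation and its test vectors are standard. The full-hash variant is not interoperable with ordinary RFC 4226/6238 verifiers (authenticator apps compute the 31-bit truncation), so both prover and verifier must agree on it.

```python
import hmac
import struct
import hashlib


def hotp_truncate_rfc4226(mac: bytes) -> int:
    """RFC 4226 dynamic truncation: pick 4 bytes at the offset given by the
    low nibble of the last byte and clear the top bit -> 31-bit integer."""
    offset = mac[-1] & 0x0F
    return int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF


def hotp(secret: bytes, counter: int, digits: int = 6, digest: str = "sha1") -> str:
    """Standard HOTP (RFC 4226). Counter is an 8-byte big-endian integer."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digest).digest()
    code = hotp_truncate_rfc4226(mac)
    # Beyond 10 digits the leading digits are always 0: 2**31 - 1 = 2147483647.
    return str(code % (10 ** digits)).zfill(digits)


def max_digits_rfc4226() -> int:
    """Largest digit count that standard dynamic truncation can fill."""
    return len(str(2 ** 31 - 1))


def usable_digits(digest: str) -> int:
    """Decimal digits the full digest can carry (constructed helper)."""
    bits = 8 * hashlib.new(digest).digest_size
    return len(str(2 ** bits - 1))


def hotp_full_hash(secret: bytes, counter: int, digits: int, digest: str = "sha256") -> str:
    """Constructed, non-standard variant: use every bit of the HMAC output.
    Not compatible with RFC 4226 verifiers; both sides must opt in."""
    limit = usable_digits(digest)
    if not 1 <= digits <= limit:
        raise ValueError(f"{digest} can supply at most {limit} digits")
    mac = hmac.new(secret, struct.pack(">Q", counter), digest).digest()
    full = int.from_bytes(mac, "big")
    # Note: as digits approaches the limit the leading digit becomes biased,
    # because 10**digits is no longer far below the digest's range.
    return str(full % (10 ** digits)).zfill(digits)


def verify_hotp(secret: bytes, counter: int, candidate: str, window: int = 0,
                digits: int = 6, digest: str = "sha1"):
    """Verifier side: accept the current counter or up to `window` counters
    ahead (resynchronisation). Returns the matching counter, or None.
    Comparison is constant-time so a code guess leaks no digit-by-digit timing."""
    for c in range(counter, counter + window + 1):
        if hmac.compare_digest(hotp(secret, c, digits, digest), candidate):
            return c
    return None


if __name__ == "__main__":
    # RFC 4226 Appendix D test secret (ASCII "12345678901234567890").
    secret = b"12345678901234567890"
    print("counter 0, 6 digits :", hotp(secret, 0))
    print("counter 0, 10 digits:", hotp(secret, 0, digits=10))
    print("RFC 4226 max digits :", max_digits_rfc4226())
    print("sha256 full-hash max:", usable_digits("sha256"))
    print("sha256 full-hash 24 :", hotp_full_hash(secret, 0, 24))
```

The `digits=10` call shows the ceiling: the ten-digit code is the entire 31-bit value, so asking for an 11th digit only prepends a zero. `usable_digits` gives the true limit when the whole digest is used, which is why a longer code only helps if the extraction step itself changes rather than just the modulus.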