Closed mohittgupta closed 2 years ago
No. The cleartext secret is required as an input for computing OTP codes. The hash does not contain enough information.
You can encrypt the secret before storing it in the database, and decrypt it before using it. However, you'll have to manage your key storage then, so you end up with the same problem of secret storage as before.
okay, thanks. Can you help me with other library which can solve my problem.
There is no solution to the problem. All OTP libraries require the cleartext secret. It is because the OTP protocol works like that.
okay, thanks. closing.
Hello ,
I am using this extension for my project. And I have to save secret key in my database but in hashed format. But is there any way to use that hashed key to get totp otp object to very otp generated by google authenticator.