pyauth / pyotp

Python One-Time Password Library
https://pyauth.github.io/pyotp/

want to store hashed form of base32secret #139

Closed mohittgupta closed 2 years ago

mohittgupta commented 2 years ago

Hello,

I am using this extension for my project, and I have to save the secret key in my database, but in hashed format. Is there any way to use that hashed key to get a TOTP object to verify the OTP generated by Google Authenticator?

peterthomassen commented 2 years ago

No. The cleartext secret is required as an input for computing OTP codes. The hash does not contain enough information.

You can encrypt the secret before storing it in the database, and decrypt it before using it. However, you'll have to manage your key storage then, so you end up with the same problem of secret storage as before.

mohittgupta commented 2 years ago

Okay, thanks. Can you help me with another library which can solve my problem?

peterthomassen commented 2 years ago

There is no solution to the problem. All OTP libraries require the cleartext secret. It is because the OTP protocol works like that.
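
Why a stored hash cannot verify codes, as an added example that is not part of the thread and does not use pyotp's own code: a standard-library TOTP (RFC 6238 with HMAC-SHA1, 6 digits, 30-second step) where the secret is the HMAC key, so a server holding only SHA-256 of the secret computes a different code than the authenticator app. The function names and the sample key (the RFC 6238 test key) are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(b32_secret: str, unix_time: int, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP keyed with the raw secret, counter = time // step."""
    key = base64.b32decode(b32_secret, casefold=True)
    return hotp(key, unix_time // step)


def totp_from_hash(stored_hash: bytes, unix_time: int, step: int = 30) -> str:
    """All a server holding only a hash can do: key the HMAC with the hash,
    which is not the key the authenticator app holds."""
    return hotp(stored_hash, unix_time // step)


def verify(b32_secret: str, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current 30-second step and `window` steps either side,
    comparing in constant time."""
    return any(
        hmac.compare_digest(totp(b32_secret, unix_time + i * 30), submitted)
        for i in range(-window, window + 1)
    )


# Constructed sample input: the RFC 6238 test key, base32-encoded.
SECRET = base64.b32encode(b"12345678901234567890").decode()
NOW = 59  # RFC 6238 test time; counter = 59 // 30 = 1

if __name__ == "__main__":
    device_code = totp(SECRET, NOW)  # what the authenticator app displays
    hashed = hashlib.sha256(base64.b32decode(SECRET)).digest()
    print("device code            :", device_code)
    print("code derived from hash :", totp_from_hash(hashed, NOW))
    print("verify with cleartext  :", verify(SECRET, device_code, NOW))
```
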

mohittgupta commented 2 years ago

Okay, thanks. Closing.