pyauth / pyotp

Python One-Time Password Library
https://pyauth.github.io/pyotp/

Is it possible to use HMAC-SHA-512 instead of the default HMAC-SHA-1? #93

Closed jtv199 closed 4 years ago

jtv199 commented 4 years ago

Hi, I'm working on a project that needs a TOTP hashed by HMAC-SHA-512. Any ideas on how I would go about this?

tilkinsc commented 4 years ago

You can implement your own hash function. Take a look at my project groups, I've done this.

pickfire commented 4 years ago

@jtv199 Take a look at the OTP definition, it supports specifying the hash function.

krishna-ur commented 4 years ago

Yes, it is possible. You need to modify src/pyotp/otp.py. Refer to this: https://github.com/krishna2594/pyotp/commit/a685c2e49427c0926a70619460c0c800c815a146#diff-442525114d56c149b969e957c96fa835

If you have installed pyotp using pip, then copy the contents of this file into the pyotp file: https://gist.github.com/krishna2594/e27f4d89a160cbf73200f3a3b07c9aab
Use the pip -V command to find the path of all libraries installed using pip, then open and modify pyotp/otp.py.

Sample code:

```python
import base64
import pyotp

# Optional: the default pyotp library uses base32 encoding, which can throw
# errors if we use characters other than base32
key = base64.b32encode("AnySecret ".encode()).decode()

# Integer 10 is passed to print a 10-digit TOTP; by default it gives a 6-digit TOTP
totp = pyotp.TOTP(key, 10)

print("Current OTP:", totp.now())
```

I hope this helps. :)

kislyuk commented 4 years ago

You do not need to modify the source code of pyotp to specify the digest (hash) algorithm. You can use the digest parameter to the constructor; this parameter takes any hasher object that uses the hashlib interface. For HMAC-SHA-512, you would use pyotp.TOTP("base32secret3232", digest=hashlib.sha512).now().

Abdullah-03 commented 5 months ago

You can also just do: pyotp.TOTP(secret_key, digest="sha512").now()

sriramadari commented 1 month ago

> You can also just do: pyotp.TOTP(secret_key, digest="sha512").now()

How can I get 10 digits using SHA512?

tilkinsc commented 1 month ago

There are technical limitations to the number of digits. When using sha1 - sha512 you are able to set the digits to at most 8, I think. This is due to the data type used to truncate the HMAC calculation, iirc. I've yet to look into the true implementation of it. I don't think the standards really approach of additional digits.

w-lk-r commented 2 weeks ago

> You can also just do: pyotp.TOTP(secret_key, digest="sha512").now()
>
> How can I get 10 digits using SHA512?

Just add digits=10

e.g. pyotp.TOTP(secret_key, digest="sha512", digits=10).now()
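The two questions in this thread (which digest, how many digits) both come down to the RFC 4226 / RFC 6238 truncation step. The sketch below is an added example, not code from pyotp or from any commenter; it uses only the standard library, the names `truncated_value` and `totp` are chosen here, and the seed is the published RFC 6238 Appendix B test seed for HMAC-SHA-512.

```python
# Added example (not pyotp's code): RFC 6238 TOTP with a selectable digest,
# written to show where the digest and the digit count enter the calculation.
import hashlib
import hmac
import struct

# RFC 6238 Appendix B test seed for HMAC-SHA-512: 64 ASCII bytes.
RFC_SHA512_KEY = (b"12345678901234567890" * 4)[:64]


def truncated_value(key: bytes, counter: int, digest=hashlib.sha512) -> int:
    """HMAC the 8-byte big-endian counter, then apply dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F                    # low nibble of the last byte
    (value,) = struct.unpack(">I", mac[offset:offset + 4])
    return value & 0x7FFFFFFF                  # 31 bits, whatever the digest


def totp(key: bytes, unix_time: int, digits: int = 6,
         digest=hashlib.sha512, step: int = 30) -> str:
    """Return the code for unix_time as a zero-padded decimal string."""
    if not 1 <= digits <= 10:
        # 2**31 - 1 = 2147483647 has 10 decimal digits; an 11th digit
        # would always be a padding zero.
        raise ValueError("digits must be between 1 and 10")
    value = truncated_value(key, unix_time // step, digest)
    return str(value % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    for t in (59, 1111111109):
        print(t, totp(RFC_SHA512_KEY, t, digits=8),
              totp(RFC_SHA512_KEY, t, digits=10))
```

A longer digest does not widen the code: the truncated value is always 31 bits, so a 10-digit code never exceeds 2147483647 and its leading digit is only ever 0, 1 or 2.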