search

seiichiro0185 / sailotp

A Sailfish Google Authenticator Implementation
https://www.seiichiro0185.org/sailfish:apps:sailotp:start
Other
49 stars 25 forks source link

Support for SHA256 and SHA512 #18

Open hevanaa opened 7 years ago

hevanaa commented 7 years ago

I stumbled upon a site that let me choose TOTP algorithm between SHA1, SHA256 or SHA512. Only SHA1 worked.

According to https://security.stackexchange.com/a/45906, using HMAC-SHA-256 or HMAC-SHA-512 for RFC 6238 (TOTP) is within the scope of the standard (section 1.2). Not for HOTP, though. RFC 4226 only allows HMAC-SHA-1.

hevanaa commented 7 years ago

The site also allowed selecting SHA256 and SHA512 for HOTP, even though it is not mentioned in the standard. But as said in comments in the above stackexchange page, as HOTP is virtually same as TOTP, nothing would be wrong using the algorithms there too.

seiichiro0185 commented 7 years ago

I'll look into implementing the additional hashing algorithms, but I can't give you any timeframe when it will happen, since I'm quite busy with other stuff at the moment.