Open massar opened 7 years ago
In relation to: https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
Our OTP implementation for HOTP and TOTP currently only uses SHA1, which is actually the common thing for Google Authenticator.
SHA256/SHA512 are defined for TOTP though, thus we should look into supporting this.
As this is time based though, an attack will be fun to mount on this :)
In relation to: https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
Our OTP implementation for HOTP and TOTP currently only uses SHA1, which is actually the common thing for Google Authenticator.
SHA256/SHA512 are defined for TOTP though, thus we should look into supporting this.
As this is time based though, an attack will be fun to mount on this :)