Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Algorithm not being set properly #29

Open
jameshilliard opened this Issue Jul 31, 2015 · 4 comments

Comments

Projects
None yet
4 participants
@jameshilliard
Copy link

commented Jul 31, 2015

otpauth://totp/ckpool:ckolivas?secret=46PABKV2HL2BYL5P&algorithm=SHA256&issuer=BitclubPool

I'm setting the SHA256 parameter in the above example but google-authenticator doesn't seem to be using it correctly(it works fine in the Red Hat FreeOTP app). I'm setting the parameter based off of this readme.

@ThomasHabets ThomasHabets added the bug label Jul 31, 2015

@fjt37

This comment has been minimized.

Copy link

commented Apr 19, 2018

+1

This is also broken for SHA512. The android google authenticator app just seems to ignore the algorithm altogether and just uses SHA1 every time. (Android 8.1.0)

@mrl99

This comment has been minimized.

Copy link

commented Apr 19, 2018

+1

Encountering the same issue. Works on my IPhone 7 but not on Pixel 2 or SSG S7

@mrl99

This comment has been minimized.

Copy link

commented Apr 19, 2018

Tried it on Google Authenticator, Authy, and Duo Mobile, and all 3 used the SHA1 even when parameterized for SHA256

@ThomasHabets

This comment has been minimized.

Copy link
Contributor

commented Apr 19, 2018

I'm downgrading this to a feature request since the RFC says:

TOTP implementations MAY use HMAC-SHA-256 or HMAC-SHA-512 functions, based on SHA-256 or SHA-512 [SHA2] hash functions, instead of the HMAC-SHA-1 function that has been specified for the HOTP computation in [RFC4226].

And RFC4226 just says SHA-1.

@ThomasHabets ThomasHabets added enhancement and removed bug labels Apr 19, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.