Plans to support SHA256?

[ThomasHabets]

From @ThomasHabets on October 10, 2014 8:7

Original issue 393 created by synikal on 2014-06-19T07:29:02.000Z:

Hi all,

Just wondering if there were plans to support SHA256? I'd really like to use existing tokens with this module and I think thats the prerequisite.

Copied from original issue: google/google-authenticator#392

[ThomasHabets]

SHA1 is the standard for HOTP (RFC4226) but TOTP (RFC6238) may use SHA-256.

There are no direct plans, but patches would be welcome.

It's not really a security issue at this point. SHA1 isn't perfect, but even with the "considered broken" MD5 there's no preimage attack, so I'm not worried.

Usability of these tokens you speak of though, that sounds interesting. But we'd need someone who has such a token and the willingness to implement the code. I may have the latter, but not the former.

[jpgoldberg]

I agree that as there is no pre-image attack on SHA1 (or MD5 for that matter), and so this use of it is perfectly safe.

However, I would really like to be able to add SHA256 to my server implementation just so that I don't have to explain the various security properties of cryptographic hashes to auditors who see SHA1 in their static analyses. But I can't if a popular tool like Authenticator will give the "wrong" results.

(Yes, I could perform SHA256 first and then fall back to SHA1 if that doesn't match; but that is just doing nobody any good.)

[ThomasHabets]

I would accept pull requests that added SHA256 and a config option to only use SHA256 to the PAM module. Would that solve the issue for you?