BoringAuth issues

TOTP / HOTP does not match other implementations?

1

In testing this crate's TOTP implementation against Yubico Authenticator, I found that the (default, so 6-digit SHA-1) TOTP codes generated by Yubico Authenticator were not accepted by `TOTP::is_valid()`. I tested...

djc

Arbitrary upper limit to code length?

1

I was trying to generate larger TOTP values and noticed that [output values are capped at 2^31 bits](https://github.com/ThinkAlexandria/BoringAuth/blob/f1ddeb031cb90d381319039e021b1e4f0d3c6327/src/oath/totp.rs#L270) -- is there a reason for this? The [HOTP paper](https://tools.ietf.org/html/rfc4226) recommends that...

jtomazin

Document mistake on default hash algorithm of TOTP

All the document says the default hash algorithm of TOTP is SHA1, but apparently the code says it is SHA256. Screenshot of the document ![image](https://user-images.githubusercontent.com/30155715/236605893-3a972d69-061a-455c-9da0-c6764bfc2e2b.png) ![image](https://user-images.githubusercontent.com/30155715/236605915-9cc2b816-463d-4b07-87ff-dd8e79b1a1e1.png) Screenshot of the code...

50Death

BoringAuth
BoringAuth copied to clipboard

Metadata

TOTP / HOTP does not match other implementations?

Arbitrary upper limit to code length?

Document mistake on default hash algorithm of TOTP

← Metadata

Owner

Metadata

BoringAuth BoringAuth copied to clipboard

Metadata

TOTP / HOTP does not match other implementations?

Arbitrary upper limit to code length?

Document mistake on default hash algorithm of TOTP

← Metadata

Owner

Metadata

BoringAuth
BoringAuth copied to clipboard