BoringAuth icon indicating copy to clipboard operation
BoringAuth copied to clipboard
verified publisher icon ThinkAlexandria

Document mistake on default hash algorithm of TOTP

Open 50Death opened this issue 2 years ago • 0 comments

All the document says the default hash algorithm of TOTP is SHA1, but apparently the code says it is SHA256.

Screenshot of the document image image

Screenshot of the code image

Althrough sha256 may be more secured than sha1. Still most authenticator apps(Microsoft or Google) do not support it. I guess it's more suitable to set the default SHA1.

50Death avatar May 06 '23 06:05 50Death