twofactor_totp
twofactor_totp copied to clipboard
nextcloud
New hashing algorithm?
well considerin OTP generates just 6 numbers anyway, there is probably no problem with SHA1 also newer sha versions probably arent supported by most of the TOTP apps.
also other hasing algos would totally break compatibility with many apps which only do sha1
Hi guys,
I come from the future (2022), and things have changed a bit.
SHA-1 has been cracked and there are now quite some TOTP apps allowing to select another hashing algorithm.
I would suggest to keep SHA-1 as the default algorithm for compatibility purpose and to offer the user a kind of "advanced settings" option unveiling a drop-down list (or something alike) with other algorithms (SHA-256, SHA-512, SHA-2, ChaCha...).
What do you think?
SHA-1 has been cracked and there are now quite some TOTP apps allowing to select another hashing algorithm.
are you referring to https://shattered.it? back then it was said HMAC wasnt affected.
although having options is always good.
I guess leveraging the described attack needs the attacker's knowing the resulting hashing. And few actors have the computational power to conduct the attack in a timely way anyway.
So I would say HMAC is affected, but TOTP over SHA-1 is still quite safe in 99.99% of use cases at least.
Then it depends from whom you want to protect your data and account. Maybe a couple of users out of some millions want a TOTP guaranteed to be able to resist an NSA/FSB attack. And in that case, when you dropped Google, Microsoft etc. for obvious concerns, I guess you want to be reassured by an open-source, independent solution that supports recent and robust cryptography algorithms, just to be ahead rather than behind.
I am not a developer or a cryptologist, so I was picturing supporting a new algo as basically including its library and adding an 'algoType' parameter in the hashing function call, so I thought it was a quick win (even if a tiny win). Apologies if the implementation is actually cumbersome (I know, it's always more complicated than we foresee, even when we are experts).
I think the issue is less the implementation, but rather the compatibility, as for example authy doesnt support anything besides standard 30 sec SHA1 6-digit TOTPs, and not sure if for example google authenticator supports other SHA methods.
I am honestly not sure what would be the bigger problem. that you have only 6 digits or that you have HMAC-SHA1.
Of course, to make that very clear, I don't suggest to drop SHA-1. I am just suggesting to add other algorithms as options. It could be additional digits too, by the way.
I actually use Aegis Authenticator and it seems to offer the possibility to customise algo and number of digits, which suddenly made me wish the same was possible on Nextcloud's side.
I never assumed dropping sha1 just That if it's enabled that the guidance texts might need to change
Oh, yes, I see! Definitely! That's why I suggested to keep SHA-1 as the default and hide the other algorithms (and possibly the number of digits and validity time) under a deterring "advanced settings" thing...
Sure. The issue would also be if the setting is done by admin or by user. If by admin the user wouldn't even know that it's different.
In 2022, I think it is too early to put this in admin hands, or at least with a strong warning that most of their users' TOTP mobile apps won't support non-default settings.
Then, when the user sets up the TOTP, there would be two scenarii:
- If the algo and number of digits was set to by the admin: indicate them next to the shared secret (and add some info box or so that either says that those are default settings when they are, or that those are non-default settings that might not be supported by some TOTP mobile apps)
- fields to allow the user to set the algo and the number of digits, with an info box warning that non-default settings might not be supported by some TOTP mobile apps, and with an easy way to retrieve default values.