COTP icon indicating copy to clipboard operation
COTP copied to clipboard

Published 20 hours ago verified publisher icon tilkinsc

SHA256 and SHA512 might be failing

Open tilkinsc opened this issue 3 years ago • 1 comments

I am not sure where the root cause is, but the SHA256 and SHA512 are failing in my tests with the test/main.c* programs.

Isolation necessary.

tilkinsc avatar Jun 10 '22 06:06 tilkinsc

I think I have SHA256 and SHA512 working. The problem was rooted based on the generation size. A SHA1 HMAC generates 20 bytes. A SHA256 HMAC or SHA512 HMAC generates 32 bytes. This means the library had some hardcoded logic, and additionally it had logic built directly into it due to expecting these. I have found no implementation that uses SHA256 or SHA512 to bounce my library off of them. Authy, what I used for testing, doesn't support SHA256 or SHA512 and I am chatting with their engineering team because thats just unacceptable. SHA1 hashes have been deprecated and not recommended for use, like MD5.

tilkinsc avatar Jun 12 '22 06:06 tilkinsc