OCR with digests other than SHA-1 doesn't work

Question

OCR with digests other than SHA-1 doesn't work

koerue opened this issue 10 months ago · 2 comments

Describe the issue

When scanning an QR code made with the SHA-256 or SHA-512 digest, the App doesn't respond incorrect OTP's. However OCR scanning SHA-1 hashed QR's returns valid OTP's.
You can reproduce the error here:
https://www.token2.com/shop/page/token2-totp-toolset-sha256-version
(offers SHA-1 also)

When adding the (e.g.SHA-256) secret manually to the extension, this issue doesn't appear.

Browser

Firefox

Browser Version

102.14.0esr

Extension Version

6.3.5

Answer 1 · 2023-09-26T07:22:34.000Z

Hi,

I can confirm. Any news on this issue?

Best

Answer 2 · 2023-09-26T15:26:37.000Z

Hmmm, because the extension only knows SHA256 but not sha256, I will create a PR later.

https://github.com/Authenticator-Extension/Authenticator/blob/dev/src/models/otp.ts#L22