OCR with digests other than SHA-1 doesn't work
koerue opened this issue · 2 comments
koerue commented
Describe the issue
When scanning an QR code made with the SHA-256 or SHA-512 digest, the App doesn't respond incorrect OTP's. However OCR scanning SHA-1 hashed QR's returns valid OTP's.
You can reproduce the error here:
https://www.token2.com/shop/page/token2-totp-toolset-sha256-version
(offers SHA-1 also)
When adding the (e.g.SHA-256) secret manually to the extension, this issue doesn't appear.
Browser
Firefox
Browser Version
102.14.0esr
Extension Version
6.3.5
R13e commented
Hi,
I can confirm. Any news on this issue?
Best
Sneezry commented
Hmmm, because the extension only knows SHA256
but not sha256
, I will create a PR later.
https://github.com/Authenticator-Extension/Authenticator/blob/dev/src/models/otp.ts#L22