[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[OATH-Toolkit-help] Bug#707816: liboath0: SHA2 support for TOTP
From: |
Simon Josefsson |
Subject: |
[OATH-Toolkit-help] Bug#707816: liboath0: SHA2 support for TOTP |
Date: |
Thu, 30 May 2013 13:22:34 +0200 |
User-agent: |
Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3 (gnu/linux) |
I agree it would indeed be nice to support this. Do you have any
particular use-case in mind? I don't recall seeing TOTP with SHA-2 used
on any major site. If there is a compelling use-case that might improve
chances of this being implemented earlier.
Thanks,
/Simon
Alessandro Ghedini <address@hidden> writes:
> Package: liboath0
> Version: 2.0.2-2
> Severity: wishlist
>
> Hi,
>
> according to RFC6238 section 1.2 [0], "TOTP implementations MAY use
> HMAC-SHA-256
> or HMAC-SHA-512 functions, based on SHA-256 or SHA-512 [SHA2] hash functions".
>
> It would be nice if liboath (and pam_oath) supported this.
>
> Thanks
>
> [0] http://tools.ietf.org/html/rfc6238#section-1.2
>
> -- System Information:
> Debian Release: jessie/sid
> APT prefers unstable
> APT policy: (990, 'unstable'), (600, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 3.8-1-amd64 (SMP w/4 CPU cores)
> Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages liboath0 depends on:
> ii libc6 2.17-1
>
> liboath0 recommends no packages.
>
> liboath0 suggests no packages.
>
> -- no debconf information