You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Though the standard allows for the use of SHA-1, it shouldn't be used to generate an OTP due to the discovered collission. Google Authenticator uses SHA-256 which is secure.
Also the function for verification isn't constant time so an attacker could perform a timing-attack.
I would be happy in assisting to close those vulnerabilities.
The text was updated successfully, but these errors were encountered:
Though the standard allows for the use of SHA-1, it shouldn't be used to generate an OTP due to the discovered collission. Google Authenticator uses SHA-256 which is secure.
Also the function for verification isn't constant time so an attacker could perform a timing-attack.
I would be happy in assisting to close those vulnerabilities.
The text was updated successfully, but these errors were encountered: