I use Aegis as my 2fa. Today on new token creation I observed that there’s hash function set to SHA-1, later checked all my tokens and the result is same type of encryption used for all. So I have edited all my tokens to SHA-256 as a result my totp doesn’t authenticate. Do I have to rescan my tokens for updating to SHA-256 or it doesn’t work like that?

Security: SHA-1 < SHA-256 < SHA-512

Speed: SHA-1 > SHA-256 > SHA-512

My doubts are: Why can’t we use SHA-256? Is it because TOTP requires less time so faster one(SHA-1) is chosen? Can we use SHA-256 for TOTPs?

  • pedroapero@lemmy.ml
    link
    fedilink
    arrow-up
    4
    ·
    7 months ago

    The entropy of otp codes is low compared to the seed’s. I’d never though about what that meant for reversion. Good point !