You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The new attacks on SHA-1 have no impact on the security of
HMAC-SHA-1. The best attack on the latter remains one needing a
sender to authenticate 2^{80} messages before an adversary can create
a forgery. Why?
HMAC is not a hash function. It is a message authentication code
(MAC) that uses a hash function internally. A MAC depends on a
secret key, while hash functions don't. What one needs to worry
about with a MAC is forgery, not collisions. HMAC was designed so
that collisions in the hash function (here SHA-1) do not yield
forgeries for HMAC.
The text was updated successfully, but these errors were encountered:
Hi, just thought that this lib is perfect for HOTP / TOTP solutions, except for the base32 part (it currently has base64).
There are other solutions like https://github.com/emn178/hi-base32, https://github.com/LinusU/base32-encode
But do you think it would make sense to also have a Base32 encode/decode function built-in here?
Something like RFC 4648 https://datatracker.ietf.org/doc/html/rfc4648#section-6 that's compatible with apps like Google Authenticator / Microsoft Authenticator / FreeOTP.
Thank you.
Edit:
sha1
might also be handy, which is the default algo on most hotp & totp use cases.As per https://datatracker.ietf.org/doc/html/rfc4226#appendix-B.2
The text was updated successfully, but these errors were encountered: