Changes between Initial Version and Version 5 of Ticket #1055


Timestamp: Jun 13, 2018, 9:38:53 AM (6 years ago)
Author: Nicklas Nordborg

  • Ticket #1055

    • Property Component changed from not classified to net.sf.basedb.otp
    • Property Milestone set to OTP login v1.0
    • Property Owner changed from Jari Häkkinen to Nicklas Nordborg
  • Ticket #1055 – Description

    initial v5  
    1010 * The server admin should be able to reset (=remove) the stored secret key. If this is initiated by a request from the user it is important that the identity is verified, since otherwise a hacker that happens to get hold of the password could ask for a reset and then generate a new OTP locking the real user out.
    1111
     12Links:
     13 * The TOTP specification allows for different hashing algorithms (SHA1, SHA256 and SHA512). It seems like many implementations only support SHA1. Is there any downside to this and should we spend time to support more than SHA1? I think not... https://www.quora.com/Why-is-the-SHA1-algorithm-still-being-used-with-2FA-codes-instead-of-SHA2
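Review bot: the bullet added at v5 line 13 is filed under the new "Links:" heading, but it is an open design question (whether to support SHA256 and SHA512 in addition to SHA1) with the URL appended at the end. Suggest keeping only the Quora URL under "Links:" and moving the question into the requirements list with an explicit decision, for example "SHA1 only in v1.0", so that "I think not..." does not stand as the recorded outcome. The unchanged line 10 also requires that the identity is verified before a reset without saying how; the description should name the verification the server admin is expected to perform.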