Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Arbitrary upper limit to code length? #2

Open
jtomazin opened this issue Jul 6, 2018 · 1 comment
Open

Arbitrary upper limit to code length? #2

jtomazin opened this issue Jul 6, 2018 · 1 comment

Comments

@jtomazin
Copy link

jtomazin commented Jul 6, 2018

I was trying to generate larger TOTP values and noticed that output values are capped at 2^31 bits -- is there a reason for this? The HOTP paper recommends that an easy way to improve security is to just extract more characters from the HMAC hash.
@YetAnotherMinion
Copy link
Member

You are correct. I believe it makes sense to allow extracting all of the bits available in the HMAC hash. So if you are using sha256 you can extract up to 24 characters, if you use sha512 you could extract up to 48 characters.

@jtomazin Would this work for you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@YetAnotherMinion @jtomazin