
Unable to verify TOTP using google/microsoft authenticator applications #59

Open
ashutoshkumarmishra560 opened this issue Mar 17, 2024 · 1 comment

Comments

@ashutoshkumarmishra560

Hi,

I have been using your library for handling TOTP-based QR code generation and validation for the last year. It was working successfully with Google and Microsoft Authenticator. All of a sudden the TOTP validation is failing, and I cannot understand why.

Below is the code to generate the QR code which I scan using the authenticator app:

```java
import dev.samstevens.totp.code.HashingAlgorithm;
import dev.samstevens.totp.qr.*;
import static dev.samstevens.totp.util.Utils.getDataUriForImage;

// secret is the base32 string that the verifier must later be given unchanged
QrData data = new QrData.Builder().label(userDispVal).secret(secret).issuer(label).algorithm(HashingAlgorithm.SHA1).digits(6).period(30).build();
QrGenerator generator = new ZxingPngQrGenerator();
byte[] imageData = generator.generate(data); // throws QrGenerationException
String mimeType = generator.getImageMimeType();
String dataUri = getDataUriForImage(imageData, mimeType);
```

and below is the code to validate the TOTP code generated by the authenticator app:

```java
import dev.samstevens.totp.code.*;
import dev.samstevens.totp.time.*;

// same hashing algorithm and the same base32 secret as in the QR code, otherwise the codes never match
TimeProvider timeProvider = new SystemTimeProvider();
CodeGenerator codeGenerator = new DefaultCodeGenerator(HashingAlgorithm.SHA1);
DefaultCodeVerifier verifier = new DefaultCodeVerifier(codeGenerator, timeProvider);
boolean successful = verifier.isValidCode(secret, code); // compared against the server clock from timeProvider
```

The last call is always returning false. It was working earlier like I mentioned.
Any help in this regard will be appreciated.

Thanks,
Ashutosh
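Added example, not part of this issue or of the java-totp project: a stand-alone RFC 6238 implementation in Python that reproduces the kind of window check a TOTP verifier performs and shows how the same authenticator code goes from accepted to rejected once the server clock drifts more than one period away from the phone's clock, which is a common cause of a verification that "suddenly" starts returning false. It also includes a diagnostic that searches nearby periods for the one that produced the code, so an operator can measure the skew. The secret and the expected codes are the RFC 6238 Appendix B SHA1 test vectors; the skew values and the `diagnose_skew` helper are constructed for this example.

```python
import base64
import hashlib
import hmac
import struct

# Constructed inputs: the RFC 6238 Appendix B test secret ("12345678901234567890" in base32)
# and a server clock we deliberately skew to reproduce a failing verification.
RFC6238_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
PERIOD = 30
DIGITS = 6


def totp(secret_b32, unix_time, period=PERIOD, digits=DIGITS, algorithm=hashlib.sha1):
    """RFC 6238: HOTP over the counter floor(unix_time / period), truncated to `digits`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(unix_time) // period
    digest = hmac.new(key, struct.pack(">Q", counter), algorithm).digest()
    offset = digest[-1] & 0x0F                          # dynamic truncation (RFC 4226 5.3)
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def verify(secret_b32, code, server_time, allowed_discrepancy=1):
    """Accept the code for the current period and `allowed_discrepancy` periods on either side."""
    for delta in range(-allowed_discrepancy, allowed_discrepancy + 1):
        candidate = totp(secret_b32, server_time + delta * PERIOD)
        if hmac.compare_digest(candidate, code):        # constant-time comparison
            return True
    return False


def diagnose_skew(secret_b32, code, server_time, max_periods=20):
    """Return the period offset, relative to the server clock, that produces `code`
    (nearest offset first), or None. Negative means the server clock is ahead of the phone."""
    for delta in sorted(range(-max_periods, max_periods + 1), key=abs):
        if hmac.compare_digest(totp(secret_b32, server_time + delta * PERIOD), code):
            return delta
    return None


if __name__ == "__main__":
    phone_time = 1234567890          # RFC 6238 vector: SHA1 code 89005924, i.e. 005924 at 6 digits
    code = totp(RFC6238_SECRET_B32, phone_time)
    for skew in (0, 45, 90):
        server_time = phone_time + skew
        print(f"server clock +{skew}s: valid={verify(RFC6238_SECRET_B32, code, server_time)}, "
              f"offset={diagnose_skew(RFC6238_SECRET_B32, code, server_time)} period(s)")
```

With a one-period discrepancy allowed, a 45-second skew still passes (the phone's period is adjacent to the server's), while a 90-second skew fails because the matching period is three steps away; `diagnose_skew` reports that offset, which points at the server clock rather than the secret or the algorithm. A verifier that logs the nearest matching offset on failure makes this class of outage visible without widening the acceptance window.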

@acotiuga

Hi @ashutoshkumarmishra560,

This could be related to the fact that, since September 2021, OpenSSL in version 3.0.0 discards by default certificates signed using SHA1, as techniques have been found to create collisions on SHA1 signatures.

In order to continue using SHA1-signed certificates, end users have to configure their OpenSSL installation to lower its security level, which will also allow other less securely signed certificates to be validated by OpenSSL (this issue talks about it).

Hope it helps,
Alex
