Comments (4)
In short, no.
But the specification for HOTP only supports HMAC-SHA1; for TOTP, the specification supports SHA1, SHA256, SHA384, SHA512.
But when we pushed our first version, mobile apps like Google Authenticator and Microsoft Authenticator ONLY supported SHA1. But there's no security problem (:sunglasses:) because the code is changing every 30 seconds.
See:
https://github.com/google/google-authenticator/wiki/Key-Uri-Format
google/google-authenticator-libpam#11
https://tools.ietf.org/html/rfc6238
https://tools.ietf.org/html/rfc4226
So we chose to stay "compatible" with the IETF and editors' implementations.
We can look again at whether it is desirable to implement a superior hash algorithm (aka: SHA256).
But it must absolutely be functional with the majority of Google and Microsoft "Authenticator" mobile applications.
On the other hand, it is possible to have very complex keys; that's why we pushed an implementation with certificates (RSA 2048 keys).
from adfsmfa.
I see. I just want to know if I can use higher SHA because the algorithm textbox can be changed, now I am sure it cannot. Thanks.
from adfsmfa.
Of course, we want to use a higher SHA algorithm; the textbox follows the "official" (IETF!) specification.
As we said, soon we are going to look at whether we can now support SHA256 and higher.
Regards
from adfsmfa.
Version 2.0.2966 available
We added support for iterating (downgrading) HMAC algorithms: SHA1, SHA256 to SHA512.
Remember that it's not a bug; these algorithms are specified in rfc4226 and rfc6238, but they are not supported by many editors (Microsoft, Google, ...). To support SHA256 you must use an Authenticator like Authy.
Regards
from adfsmfa.
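An added example, not part of the thread and not adfsmfa's code: RFC 6238 TOTP with a selectable HMAC hash, using the RFC's published test key, plus the `algorithm` parameter of the Key Uri Format linked above. It shows why a server set to SHA256 rejects codes from an app that only implements SHA1; the issuer, account name and `verify` helper are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote, urlencode

# Hash names as spelled in the Key Uri Format "algorithm" parameter.
ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

def totp(secret, unix_time, algorithm="SHA1", digits=6, period=30):
    """RFC 6238 TOTP: HOTP (RFC 4226) over the time-step counter."""
    counter = struct.pack(">Q", unix_time // period)
    mac = hmac.new(secret, counter, ALGORITHMS[algorithm]).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret, submitted, unix_time, algorithm, digits=6, period=30, window=1):
    """Server-side check (hypothetical helper): accept +/- `window` time steps."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + s * period, algorithm, digits, period), submitted)
        for s in range(-window, window + 1)
    )

def key_uri(issuer, account, secret, algorithm="SHA1", digits=6, period=30):
    """otpauth:// enrollment URI; apps that ignore `algorithm` assume SHA1."""
    params = urlencode({
        "secret": base64.b32encode(secret).decode().rstrip("="),
        "issuer": issuer, "algorithm": algorithm, "digits": digits, "period": period,
    })
    return f"otpauth://totp/{quote(issuer + ':' + account)}?{params}"

if __name__ == "__main__":
    secret = b"12345678901234567890"               # RFC 6238 SHA1 test key, not a real secret
    print(key_uri("Example", "alice@example.com", secret, "SHA256"))
    app_code = totp(secret, 59, "SHA1", digits=8)  # app that only implements SHA1
    print("app code:", app_code)
    print("server (SHA256) accepts:", verify(secret, app_code, 59, "SHA256", digits=8))
    print("server (SHA1) accepts:", verify(secret, app_code, 59, "SHA1", digits=8))
```
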