Alessandro Ghedini <[email protected]> writes: > On Thu, May 30, 2013 at 01:22:34PM +0200, Simon Josefsson wrote: >> I agree it would indeed be nice to support this. Do you have any >> particular use-case in mind? I don't recall seeing TOTP with SHA-2 used >> on any major site. If there is a compelling use-case that might improve >> chances of this being implemented earlier. > > Well, my original motivation was that I wanted to use pam_oath along with an > hardware HMAC-SHA256 generator that I have around, but I later realized that > it adds additional data to the HMAC which would probably make it incompatible > with TOTP. Still, there's no harm in trying... but there's no urgency either.
Thanks for explaining. Let's see if someone wants to work on it, patches are welcome. /Simon
