Commit

docs: update algorithm values everywhere (#14)
davidesigner authored Sep 16, 2024
1 parent 730e58b commit 24e0df1
Showing 2 changed files with 12 additions and 12 deletions.
8 changes: 4 additions & 4 deletions README.md
Expand Up @@ -42,8 +42,8 @@ verify your users.

This was copy/paste/modified/tested from [notp](https://npm.im/notp) (MIT)

The primary motivation was to support a more secure algorithm than `SHA1`
(though Google Authenticator only supports `SHA1`, longer-lived OTPs should use
The primary motivation was to support a more secure algorithm than `SHA-1`
(though Google Authenticator only supports `SHA-1`, longer-lived OTPs should use
a more secure algorithm). The maintainer has not actively responded to issues or
pull requests in years.

Expand Down Expand Up @@ -222,8 +222,8 @@ will show you all this stuff, but just in case, here's that:
* @param {number} [options.period=30] The number of seconds for the OTP to be
* valid. Defaults to 30.
* @param {number} [options.digits=6] The length of the OTP. Defaults to 6.
* @param {string} [options.algorithm='SHA1'] The algorithm to use. Defaults to
* SHA1.
* @param {string} [options.algorithm='SHA-1'] The algorithm to use. Defaults to
* SHA-1.
* @param {string} [options.secret] The secret to use for the TOTP. It should be
* base32 encoded (you can use https://npm.im/thirty-two). Defaults to a random
* secret: base32.encode(crypto.randomBytes(10)).toString().
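Review bot: The trailing `options.secret` lines of this README hunk document the default secret as `base32.encode(crypto.randomBytes(10)).toString()`, which is 80 bits, while RFC 4226 section 4 requires a shared secret of at least 128 bits and recommends 160. Since this pass is aligning the docs with the code, confirm whether the code really defaults to 10 bytes; if it does, that default deserves its own change (20 bytes would meet the recommendation), and if it does not, this line should be corrected along with the algorithm names.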
16 changes: 8 additions & 8 deletions index.js
Expand Up @@ -4,10 +4,10 @@
import base32Encode from 'base32-encode'
import base32Decode from 'base32-decode'

// SHA1 is not secure, but in the context of TOTPs, it's unrealistic to expect
// SHA-1 is not secure, but in the context of TOTPs, it's unrealistic to expect
// security issues. Also, it's the default for compatibility with OTP apps.
// That said, if you're acting the role of both client and server and your TOTP
// is longer lived, you can definitely use a more secure algorithm like SHA256.
// is longer lived, you can definitely use a more secure algorithm like SHA-256.
// Learn more: https://www.rfc-editor.org/rfc/rfc4226#page-25 (B.1. SHA-1 Status)
const DEFAULT_ALGORITHM = 'SHA-1'
const DEFAULT_CHAR_SET = '0123456789'
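Review bot: The first comment line still says "SHA-1 is not secure", which is broader than what the linked RFC 4226 appendix B.1 states: the known SHA-1 weakness is in collision resistance, and HOTP uses SHA-1 inside HMAC, which does not rely on that property. Suggest rewording to something like "SHA-1 is broken for collision resistance, but that does not affect HMAC-SHA-1 as used for OTPs", so readers do not take the default for a known-weak setting or treat SHA-256 as a mandatory fix.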
Expand All @@ -25,8 +25,8 @@ const DEFAULT_PERIOD = 30
* Defaults to 0.
* @param {number} [options.digits=6] - The number of digits to use for the
* HOTP. Defaults to 6.
* @param {string} [options.algorithm='SHA1'] - The algorithm to use for the
* HOTP. Defaults to 'SHA1'.
* @param {string} [options.algorithm='SHA-1'] - The algorithm to use for the
* HOTP. Defaults to 'SHA-1'.
* @param {string} [options.charSet='0123456789'] - The character set to use, defaults to the numbers 0-9.
* @returns {Promise<string>} The generated HOTP.
*/
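Review bot: The `options.algorithm` entry in this JSDoc gives only the default and never lists which strings are accepted. Because the commit is about the exact spelling of that value, document the supported names in the hyphenated form (`'SHA-1'` and `'SHA-256'` are the two that appear in this file) and state whether the old `'SHA1'` spelling is still accepted or now fails, so callers who copied the earlier docs know whether they need to change anything. The same applies to the verifyHOTP and TOTP blocks further down.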
Expand Down Expand Up @@ -76,8 +76,8 @@ async function generateHOTP(
* Defaults to 0.
* @param {number} [options.digits=6] - The number of digits to use for the
* HOTP. Defaults to 6.
* @param {string} [options.algorithm='SHA1'] - The algorithm to use for the
* HOTP. Defaults to 'SHA1'.
* @param {string} [options.algorithm='SHA-1'] - The algorithm to use for the
* HOTP. Defaults to 'SHA-1'.
* @param {string} [options.charSet='0123456789'] - The character set to use, defaults to the numbers 0-9.
* @param {number} [options.window=1] - The number of counter values to check
* before and after the current counter value. Defaults to 1.
Expand Down Expand Up @@ -115,8 +115,8 @@ async function verifyHOTP(
* @param {number} [options.period=30] The number of seconds for the OTP to be
* valid. Defaults to 30.
* @param {number} [options.digits=6] The length of the OTP. Defaults to 6.
* @param {string} [options.algorithm='SHA1'] The algorithm to use. Defaults to
* SHA1.
* @param {string} [options.algorithm='SHA-1'] The algorithm to use. Defaults to
* SHA-1.
* @param {string} [options.charSet='0123456789'] - The character set to use, defaults to the numbers 0-9.
* @param {string} [options.secret] The secret to use for the TOTP. It should be
* base32 encoded (you can use https://npm.im/thirty-two). Defaults to a random
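Review bot: The `options.secret` lines directly after the changed ones still point readers to https://npm.im/thirty-two, while index.js imports `base32-encode` and `base32-decode` at the top of the file. As this is a docs-consistency pass, update the secret description here and in the matching README block to name the packages the module actually uses.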