Merge pull request #11 from tmpfs/doc-comment-warning

Warn about silent fallback to SHA1
2022-02-10 10:37:40 +01:00 · 2022-02-10 10:37:40 +01:00 · 4ef27bd616
parent 4b486b5aa6 8db59df6c8
commit 4ef27bd616
2 changed files with 8 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -3,6 +3,8 @@

 This library permits the creation of 2FA authentification tokens per TOTP, the verification of said tokens, with configurable time skew, validity time of each token, algorithm and number of digits! Default features are kept as lightweight as possible to ensure small binaries and short compilation time

+Be aware that some authenticator apps will accept the `SHA256` and `SHA512` algorithms but silently fallback to `SHA1` which will make the `check()` function fail due to mismatched algorithms.
+
 ## Features
 ---
 ### qr
--- a/src/lib.rs
+++ b/src/lib.rs
@ -1,5 +1,11 @@
 //! This library permits the creation of 2FA authentification tokens per TOTP, the verification of said tokens, with configurable time skew, validity time of each token, algorithm and number of digits! Default features are kept as low-dependency as possible to ensure small binaries and short compilation time
 //!
+//! Be aware that some authenticator apps will accept the `SHA256` 
+//! and `SHA512` algorithms but silently fallback to `SHA1` which will 
+//! make the `check()` function fail due to mismatched algorithms.
+//!
+//! Use the `SHA1` algorithm to avoid this problem.
+//!
 //! # Examples
 //!
 //! ```rust