WordPress
Full RFC6238 Compatibility
What?
Adds support for SHA256 and SHA512 hashes for the underlying TOTP algorithm to fully support the RFC6238 spec.
Replaces #207 for a cleaner GH expereince.
Why?
Up til now, the TOTP provider in this plugin (and most other PHP implementations) claims to support a specified hash type, but doesn't actually work with anything other than SHA1.
This is due to key lengths and hash lengths being different for the three hash variants.
How?
This change introcudes support for both SHA256 and SHA512, porting the implementation directly from https://github.com/ericmann/totp.
See https://tools.ietf.org/html/rfc6238#section-1.2 for more information on the MAY USE notation for SHA256 and SHA512.
See https://tools.ietf.org/html/rfc6238#appendix-A for a fully compliant reference implementation in Java.
Testing Instructions
See https://tools.ietf.org/html/rfc6238#appendix-B for test vectors showing TOTPs generated for specific time values and the three hash variants.
See https://github.com/ericmann/totp/blob/master/test/phpunit/ReferenceTest.php for example unit tests verifying this particular implementation before it was ported to the plugin.
Changelog Entry
Added support for SHA256 and SHA512 hashing within TOTP calculation/verification.
