2FA SHA1 Digests #3316

Closed
4 tasks done
csm10495 opened this issue Jun 24, 2023 · 2 comments
Labels
area: auth enhancement New feature or request

Comments

@csm10495

Requirements

  • Is this a feature request? For questions or discussions use https://lemmy.ml/c/lemmy_support
  • Did you check to see if this issue already exists?
  • Is this only a feature request? Do not put multiple feature requests in one issue.
  • Is this a backend issue? Use the lemmy-ui repo for UI / frontend issues.

Is your proposal related to a problem?

Right now it appears as though 2FA only supports SHA256 digests. I've never had a service that does this type of digest. I found that Authy doesn't seem to properly support them either. Can we either swap to SHA1 (marginally worse for security) or allow the user to choose the type of 2FA digest?

Describe the solution you'd like.

Swap to SHA1 for TOTP since just about everything supports it and it's only marginally worse for security.

Describe alternatives you've considered.

Allow the user to choose their digest. This is kind of confusing but could be ok if we also do #3309. If a user can't get TOTP to work, ask them to 'try something for compatibility' and swap to SHA1, let them try.. if that works, just use SHA1 for them.

Additional context

No response

@TonyHoyle

It does seem Authy doesn't support sha256 or at least doesn't support the ones generated by Lemmy. I've tried to regenerate the auth key a few times.. Authy accepts the URL but the resulting codes can't be used to log in. I've seen a few things on the web complaining about it silently using SHA1 without warning you but those are 3-4 years old now.. you'd think they would have fixed it.
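
The failure mode described in the comments above, as an added example that is not part of the original thread or Lemmy's code: an authenticator that accepts an otpauth URI declaring `algorithm=SHA256` but computes with SHA1 produces codes the server rejects. The key is the RFC 6238 Appendix B SHA256 test key; the URI, account name and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

def totp(key, unix_time, algorithm="SHA1", digits=6, period=30):
    """RFC 6238 TOTP: HMAC over the time-step counter, then RFC 4226 truncation."""
    counter = struct.pack(">Q", unix_time // period)
    mac = hmac.new(key, counter, HASHES[algorithm]).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def parse_otpauth(uri):
    """Read key and parameters from an otpauth:// URI; absent ones default to SHA1/6/30."""
    q = parse_qs(urlparse(uri).query)
    b32 = q["secret"][0].upper()
    b32 += "=" * (-len(b32) % 8)  # restore stripped base32 padding
    return {
        "key": base64.b32decode(b32),
        "algorithm": q.get("algorithm", ["SHA1"])[0].upper(),
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
    }

def app_code(uri, unix_time, honors_algorithm):
    """Code shown by an authenticator; one that ignores `algorithm` falls back to SHA1."""
    p = parse_otpauth(uri)
    if not honors_algorithm:
        p["algorithm"] = "SHA1"
    return totp(p["key"], unix_time, p["algorithm"], p["digits"], p["period"])

def server_accepts(uri, code, unix_time):
    """Server side: recompute with the enrolled parameters, compare in constant time."""
    return hmac.compare_digest(app_code(uri, unix_time, True), code)

# Constructed sample: RFC 6238 Appendix B SHA256 test key in a made-up enrollment URI.
KEY = b"12345678901234567890123456789012"
URI = ("otpauth://totp/example.test:alice?secret="
       + base64.b32encode(KEY).decode().rstrip("=")
       + "&issuer=example.test&algorithm=SHA256&digits=8&period=30")

if __name__ == "__main__":
    now = 59  # RFC 6238 test time
    for honors in (True, False):
        code = app_code(URI, now, honors)
        print(f"honors algorithm={honors}: {code} accepted={server_accepts(URI, code, now)}")
```

Enrollment succeeds in both cases because the URI parses either way; only the verification step reveals the mismatch, which is why confirming a code before enabling 2FA catches it.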

@Nutomic
Member

Nutomic commented Sep 28, 2023

#3959

@Nutomic Nutomic closed this as completed Sep 28, 2023