v5.0.0

code

• createHmacSecret for Authenticator has been defaulted to the hotpSecret function
  • addresses issue #7 (see notes section below).
• Changed output files for webpack from underscore to dashes. i.e. from otplib_commons.js to otplib-commons.js

chore

• updated readme

notes

In RFC 6238, the secret / seed length for different algorithms is predefined:

HMAC-SHA1 - 20 bytes
HMAC-SHA256 - 32 bytes
HMAC-SHA512 - 64 bytes

As such, the length of the secret is padded and sliced according to the expected length for respective algrorithms. However, Google Authenticator does not seem to pad/slice the secret, resulting in wrong tokens generated when using TOTP implementation directly.