Indeed, --totp=SHA384 is ignored and treated as SHA1, you can confirm
this with --verbose. I opened
https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/37 to fix that.
I looked in https://datatracker.ietf.org/doc/html/rfc6238 and SHA384 is
not specified for TOTP. Can you name specific
Simon, thank you very much for your answer! I mean TOTP and oathtool. We've
got QR-code for our new logins which looks like this:
QR-Code:otpauth://totp/username:someuuid?issuer=username=LONGBASE32KEY=6=SHA384=30
oathtool --totp=SHA384 -d 6 -s 30 -b "BASE32KEY..." gives wrong code. I
thought