Can we use Bcript.hash() to generate secret?
jprumekso opened this issue · comments
Jalu Pujo Rumekso commented
I use the user's hashed password generated by Bcript.hash(password, 10) as totp secret. The thing is totp.check() isn't guaranteed to return true even if the token is right. Is that Bcrypt hashed secret the reason?