We were unable to find any reference material/documentation that specified the details the of OCRA suite(s) implemented in the product. Again, looking into the JS client we find the following: "OCRA-1:HOTP-SHA1-" + n + ":C-QA64" + g + a + b which suggests among other things that a SHA1 crytographic hash function is being used in the OTP computation.
Can we have detailed confirmation of OCRA suite employed including:
As of now, there is only support for SHA1 crytographic hash function during OTP computation and no support for SHA2 algo. We can't change the hash function being used to SHA2 at client side without supporting it at client SDK side.