OathAlgorithm

public enum OathAlgorithm : String, CaseIterable, Codable, Sendable

Enum representing the different HMAC algorithms supported for OATH credential generation.

OATH algorithms use HMAC (Hash-based Message Authentication Code) with different hash functions to generate one-time passwords. The choice of algorithm affects both security strength and computational requirements.

Algorithm Comparison

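| Algorithm | Security | Performance | Digest Size | Recommendation |
|-----------|----------|-------------|-------------|----------------|
| SHA-1 | Legacy | Fastest | 160 bits | Legacy support only |
| SHA-256 | Strong | Moderate | 256 bits | Industry standard |
| SHA-512 | Strongest | Slowest | 512 bits | High security needs |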

Standards Compliance

All algorithms implement the HMAC construction as defined in RFC 2104, and are compatible with RFC 4226 (HOTP) and RFC 6238 (TOTP) specifications.

  • SHA-1 HMAC algorithm (legacy).

    Security Note: SHA-1 is cryptographically weak and should only be used for legacy system compatibility. New implementations should use SHA-256 or SHA-512.

    Declaration

    Swift

    case sha1 = "SHA1"
  • SHA-256 HMAC algorithm.

    The standard algorithm for new OATH implementations. Balances strong security with good performance characteristics.

    Declaration

    Swift

    case sha256 = "SHA256"
  • SHA-512 HMAC algorithm.

    Provides the highest level of cryptographic security but with increased computational overhead. Suitable for high-security environments.

    Declaration

    Swift

    case sha512 = "SHA512"
  • Creates an OathAlgorithm from a string representation.

    Throws

    OathError.invalidAlgorithm if the string doesn’t match any known algorithm.

    Declaration

    Swift

    public static func fromString(_ string: String) throws -> OathAlgorithm

    Parameters

    string

    The string representation (case-insensitive).

    Return Value

    The corresponding OathAlgorithm.
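How the algorithm choice feeds into RFC 6238 code generation, and how a case-insensitive lookup can reject unknown names. This is an added example, not the SDK's own code: `DemoAlgorithm`, `parse`, `mac` and `totp` are hypothetical names, CryptoKit on an Apple platform is assumed, and the keys are the RFC 6238 Appendix B test seeds, whose length differs per hash.

```swift
import CryptoKit
import Foundation

// Hypothetical stand-in for the SDK enum so this file compiles without the SDK.
enum DemoAlgorithm: String, CaseIterable {
    case sha1 = "SHA1", sha256 = "SHA256", sha512 = "SHA512"

    // Case-insensitive lookup; unknown names yield nil instead of a silent SHA-1 default.
    static func parse(_ name: String) -> DemoAlgorithm? {
        DemoAlgorithm(rawValue: name.uppercased())
    }

    // HMAC (RFC 2104) over `message` with the hash this case selects.
    func mac(key: Data, message: Data) -> [UInt8] {
        let k = SymmetricKey(data: key)
        switch self {
        case .sha1: return Array(HMAC<Insecure.SHA1>.authenticationCode(for: message, using: k))
        case .sha256: return Array(HMAC<SHA256>.authenticationCode(for: message, using: k))
        case .sha512: return Array(HMAC<SHA512>.authenticationCode(for: message, using: k))
        }
    }
}

// TOTP (RFC 6238): HOTP (RFC 4226) keyed on the 8-byte big-endian count of elapsed time steps.
func totp(key: Data, algorithm: DemoAlgorithm, unixTime: UInt64,
          period: UInt64 = 30, digits: Int = 8) -> String {
    let counter = unixTime / period
    let message = Data((0..<8).reversed().map { UInt8((counter >> UInt64($0 * 8)) & 0xff) })
    let tag = algorithm.mac(key: key, message: message)
    // Dynamic truncation: the last byte's low nibble picks a 4-byte window, for any digest size.
    let offset = Int(tag[tag.count - 1] & 0x0f)
    let window = tag[offset..<offset + 4].reduce(UInt32(0)) { ($0 << 8) | UInt32($1) } & 0x7fff_ffff
    let modulus = (0..<digits).reduce(UInt32(1)) { acc, _ in acc * 10 }
    let text = String(window % modulus)
    return String(repeating: "0", count: digits - text.count) + text
}

// RFC 6238 Appendix B test seeds: the ASCII digit string cut to 20, 32 and 64 bytes.
let digitsSeed = String(repeating: "1234567890", count: 7)
let keyLength: [DemoAlgorithm: Int] = [.sha1: 20, .sha256: 32, .sha512: 64]
for name in ["sha1", "SHA256", "Sha512", "md5"] {
    guard let algorithm = DemoAlgorithm.parse(name) else {
        print("\(name): rejected, not a supported algorithm")
        continue
    }
    let key = Data(digitsSeed.utf8.prefix(keyLength[algorithm]!))
    print("\(name): \(totp(key: key, algorithm: algorithm, unixTime: 59))")
}
```

The three accepted names print 8-digit codes that can be checked against the RFC 6238 Appendix B row for time 59.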