Sophos XG OTP - Why weak SHA-1 and low encryption length?

Question

XG550 (SFOS 19.0.2 MR-2-Build472) 
 This is specially directed to Sophos: 
 Hello SOPHOS, i tried to import a Sophos XG created TOTP into Sophos UTM which is handling reverse proxy functionality with reverse auth including totp (because sophos xg is not able to do totp with reverse auth o.O ) 
 I tried to import the token but UTM is sayin: 
 
 Why there is no chance to change hash algorithm in XG? Why the created TOTP tokens are that "weak"? 
 I am tired making comparison to utm but why is utm supporting SHA1, SHA256 and even SHA512 algorithmns for OTP and the NEWER, BETTER, MORE SECURE, undiscontinued product SOPHOS XG can not even handle this basic thing????

Please give me an explanation... 
 Kind regards, Nafets

Vivek Jagad · Answer

Hello Nafets ,

Thank you for reaching out to the community, this feature request is already raised to enable the support of SHA256 and SHA512 Support for MFA/TOTP, which is valid for future road map of the product - SFSW-I-1003/SFSW-I-1234.

Quallensaft · Answer

Obviously you didn't understand how MFA works, otherwise you would know that it doesn't matter which hash function you use to generate your MFA. But feel free to use SHA 256/512, it's more secure for MFA and there are even more OTP apps that will support it &zwj;

Sophos XG OTP - Why weak SHA-1 and low encryption length?

Top Replies