Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

hello, us it possible to configure kratos to use SHA256 instead of SHA1 for TOTP?

Hi. It is not possible. Corresponding options are not exposed in kratos config. Here (<https://github.com/ory/kratos/blob/4fb28b363622bb21ce12d9f89d2ceb4649aa0cba/selfservice/strategy/totp/generator.go#L33>) is the place, where the totp instantiation is done.
Side note: Even it would be possible, some OTP Apps, like e.g. the one from google, do only support SHA1 and require the amount of OTP digits to be 6 (at least on Android).