Add warning about apps that don't support alternative hashing algorithms

[samdjstevens]

Add some warnings in the README about using SHA256 and SHA512, with a list of known apps that do and don't support them.

[connickshields]

I just wanted to give you a heads up that after testing, Google Authenticator on Android doesn't support SHA256 or SHA512. I also believe that Duo Security on iOS doesn't support SHA256 or SHA512, but I am not 100% sure on that.

[mendess]

It seems Authy and 2FAS Authenticator also don't support SHA256 and SHA512

[Stexxen]

Copied across from - #27 (comment)

Apps that work with SHA-256 and SHA-512
Android

• Oracle Mobile Authenticator
• Auth0 Guardian
• Sophos Authenticator
• FreeOTP Authenticator

iOS

• Oracle Mobile Authenticator
• IBM Verify
• Sophos Authenticator
• FreeOTP Authenticator

And apps that appear to not support SHA-256

• Google Authenticator
• Microsoft Authenticator
• LastPass Authenticator
• Duo Mobile
• Authy
• 2FAS Auth

[mendess]

I'd like to add that Aegis on Android, also works with SHA256 and SHA512.

[damarur]

Hey, I tried to use this library but no success.
I ended up using Keycloak implementations, adapting it a little bit.
Just in case this helps somebody, the URL that made it work with Google Authenticator and Microsoft Authenticator is something like this (used for creating the QR code):
otpauth://<type>/<issuer>:<username>?secret=<secret>&digits=6&algorithm=SHA1&issuer=<issuer>&period=30
Where type is "totp" or "hotp". (in my case "totp" because it's based on time)
Issuer and username will be displayed at the app and secret is just you secret in plain text.