When verifying a provided code, you should use exactly the same hashing algorithm that was specified when the QR code was generated for The key, otherwise the user submitted codes will not likely match.
depending on https://bookmarksoflife.com/story3468853/the-smart-trick-of-java-toto-that-no-one-is-discussing
