|
You are here |
rcoh.me | ||
| | | | |
zserge.com
|
|
| | | | | Many of us use one-time passwords (OTP) regularly to log into different services. Most probably rely on Google Authenticator and similar tools. But what about building one by ourselves? | |
| | | | |
labanskoller.se
|
|
| | | | | You probably use an "authenticator app" such as Google Authenticator to enable two-step verification (sometimes called two-factor authentication, 2FA, or multi-factor authentication, MFA) for an online account. The method is called Time-Based One-Time Password Algorithm (TOTP) and is standardized in RFC 6238. In October 2017 when I evaluated HashiCorp Vault for generating and storing TOTP secrets for a system at work I realized that the Android version and iOS version of Google Authenticator differed a lot when it comes to which modes are supported. | |
| | | | |
prezu.ca
|
|
| | | | | Authenticator apps like Google Authenticator use 2 authenticaion protocol centered around What you have paradigm. Those algorithms are: HOTP (HMAC-based One Time Password), and TOTP (Time-based One Time Password). They obviously are different, but both are centered around the same basic idea: using a rolling hash value, that is predictable only to the server and the authenticator app. Additionally, both are using HMAC-SHA-1 for generating those hash values. In my previous post I explained the gist of the approach used in both algorithms. Here we'll focus on the details of implementation of HMAC. We'll tackle TOTP in part 3. | |
| | | | |
www.serverless.com
|
|
| | | Serverless CI/CD was crafted to support fast and secure deployment of serverless applications on AWS Lambda, API Gatway, DynamoDB & more. | ||