Varun konadagadapa, profile picture
Uploaded byVarun konadagadapa
PDF, PPTX125 views

Building your own web based Authenticator

This document discusses building your own web-based time-based one-time password (TOTP) authenticator using Python, HTML, Google Identity-Aware Proxy (IAP), Compute Engine, and SQLite. It provides background on multi-factor authentication (MFA) and the cryptographic techniques HMAC and TOTP. The project aims to create an easy way to generate one's own TOTP codes as an alternative to proprietary authenticator apps, while future work could involve using HMAC to generate random URLs.

Download as PDF, PPTX
Building your own web based TOTP
Varun Kondagadapa I’m a: ● Blogger ● Docker superuser! ● Complex gitlab plugins and pipelines ● Python/C# Programmer ● Zerotrust phase 1 ● DevSecOps ● Microsoft fan but use Linux I’m not a: ● Bug hunter ● Malware researcher ● ML guy https://www.reborninfosec.com/
Stop Me! You have every right to Stop me!
MFA : Multi Factor Authentication ● Secure from Password stealing attacks ● Sms, App, h/w tokens etc.. ● Compliance requirement i.e eg: PCI DSS ● Implemented independently i.e isolated from actual authentication Little cautious: ● Loss of Tokens, keys, mobile can be problematic
HMAC: Hash based message authentication code ● Keyed-Hashing for Message Authentication ● Hashing with private key ● HMAC = Key + Message + Hash ● Similar to Digital signature but uses symmetric keys ● Hashes can establish integrity but not authenticity ● Issue: Collision-related vulnerabilities of MD5
TOTP : Time based OTP ● Uses HMAC ● NIST discourages SMS ● Offline sync ● Works with unix time ● Open standard : One can create their own Challenge: ● Keeping the shared key
Authenticator ● Most installed tool for storing otps ● Earlier open source but now proprietary That one drawback: ● What happens when we lose our phone ● No backups
The Project ● Python ● Html ● Google IAP ● Compute Engine ● Sqlite
Conclusion ● Cryptographic techniques are open to adopt ● An easy way to create our own google authenticator Future Work HMAC for random url generator
References ● https://stackoverflow.com/questions/8529265/google-authenticator-implement ation-in-python ● https://www.jscape.com/blog/what-is-hmac-and-how-does-it-secure-file-transf ers ● https://cloud.google.com/iap/docs/

More Related Content

PPTX
TSC Summit #4 - Howto get browser persitence and remote execution (JS)
byMikal Villa
 
PPTX
Hacking - Breaking Into It
byCTruncer
 
PDF
Using twig as rendering system for your Joomla extensions
byRoberto Segura
 
PPT
Intoduction to c# and basics of .net
byDAZZLING DAZZLING
 
PDF
C4ainaction-Introduction to the Pyramid Web Framework
byFrancis Addai
 
PDF
Rethinking The Policy Agent
byForgeRock Identity Tech Talks
 
PDF
Cats and mice ever evolving attackers and other game changers
byEric Kmetz
 
PPTX
Django introduction by Ssentamu Abel
byGDSCKYAMBOGO
 
TSC Summit #4 - Howto get browser persitence and remote execution (JS)
byMikal Villa
 
Hacking - Breaking Into It
byCTruncer
 
Using twig as rendering system for your Joomla extensions
byRoberto Segura
 
Intoduction to c# and basics of .net
byDAZZLING DAZZLING
 
C4ainaction-Introduction to the Pyramid Web Framework
byFrancis Addai
 
Rethinking The Policy Agent
byForgeRock Identity Tech Talks
 
Cats and mice ever evolving attackers and other game changers
byEric Kmetz
 
Django introduction by Ssentamu Abel
byGDSCKYAMBOGO
 

Similar to Building your own web based Authenticator

PDF
Creating OTP with free software
byGiuseppe Paterno'
 
PDF
2FA and OTP
byTristan Gomez
 
PPTX
ToTP
byFORMAEMPLEO
 
PPT
10 1 otp all
byMohammad Alyan
 
PPTX
One Time Password - A two factor authentication system
bySwetha Kogatam
 
PDF
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
byCyber Security Alliance
 
PDF
Strong Authentication in Web Application #SCS III
bySylvain Maret
 
PPTX
Google authentication
byNexThoughts Technologies
 
PDF
Google Authenticator, possible attacks and prevention
byBoštjan Cigan
 
PDF
Mobile Authentication - Moving Towards a Passwordless Future
byForgeRock Identity Tech Talks
 
PDF
How to 2FA-enable Open Source Applications
byAll Things Open
 
PPTX
AUTHENTICATION APPLICATION IN Nw SC.pptx
bysujithangam
 
PDF
Strong Authentication State of the Art 2012 / Sarajevo CSO
bySylvain Maret
 
PDF
Two-Steps to Owning MFA
bySherrie Cowley & Dennis Taggart
 
PDF
apidays London 2023 - Building Multi-Factor Authentication into your applicat...
byapidays
 
PPTX
Access management
byVenkatesh Jambulingam
 
PDF
Decipher Multi-Factor Authentication - A Developers Introduction
byArcBlock
 
PPTX
Digital authentication
byallanh0526
 
PDF
Enhanced adaptive security system for SMS – based One Time Password
byChandrapriya Rediex
 
PDF
IRJET- Multi sharing Data using OTP
byIRJET Journal
 
Creating OTP with free software
byGiuseppe Paterno'
 
2FA and OTP
byTristan Gomez
 
ToTP
byFORMAEMPLEO
 
10 1 otp all
byMohammad Alyan
 
One Time Password - A two factor authentication system
bySwetha Kogatam
 
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
byCyber Security Alliance
 
Strong Authentication in Web Application #SCS III
bySylvain Maret
 
Google authentication
byNexThoughts Technologies
 
Google Authenticator, possible attacks and prevention
byBoštjan Cigan
 
Mobile Authentication - Moving Towards a Passwordless Future
byForgeRock Identity Tech Talks
 
How to 2FA-enable Open Source Applications
byAll Things Open
 
AUTHENTICATION APPLICATION IN Nw SC.pptx
bysujithangam
 
Strong Authentication State of the Art 2012 / Sarajevo CSO
bySylvain Maret
 
Two-Steps to Owning MFA
bySherrie Cowley & Dennis Taggart
 
apidays London 2023 - Building Multi-Factor Authentication into your applicat...
byapidays
 
Access management
byVenkatesh Jambulingam
 
Decipher Multi-Factor Authentication - A Developers Introduction
byArcBlock
 
Digital authentication
byallanh0526
 
Enhanced adaptive security system for SMS – based One Time Password
byChandrapriya Rediex
 
IRJET- Multi sharing Data using OTP
byIRJET Journal
 

Recently uploaded

PPT
SAP ERP Training For Senior Managers.ppt
byBalanathanVirupasan
 
PDF
End-to-End Payroll Processing Checklist for Growing Businesses.pdf
byCRMLeaf
 
PDF
Practical Performance Tuning for Serverless Java on AWS- InfoQ Dev Summit
byVadym Kazulkin
 
PDF
Transform Salesforce Workflows: The Basics You Must Know to Deploy AI Agents
byCymetrix Software
 
PPTX
An Introduction to C Programming Language
byAlonTashobya
 
PDF
Choosing Mobile App Development Services: A Clear Guide
byShiv Technolabs Pvt. Ltd.
 
PDF
The 50+ First-Timer: My OpenTelemetry Contribution and How Your CNCF Journey...
byImma Valls Bernaus
 
PDF
AI and Generative AI: Dual-Use Risks and Autonomous Threats.pdf
byCyberneticGI
 
PPTX
Soft(ware) Stories: Tecnologia, Identità e Giustizia di genere nel mondo digi...
byLetizia Jaccheri
 
DOCX
Best Tableau Alternatives for Data Analytics and Reporting.docx
byVarsha Nayak
 
PPTX
ETH Belgrade 2025 - AI Agent Custody and Fund Access
byDejan Radic
 
PPSX
Domain Centered Architecture for complex business domains
byRob Vens
 
PDF
Best Tableau Alternatives for Data Analytics and Reporting.pdf
byVarsha Nayak
 
PDF
The journey from (not)REST to GraphQL at scale - The Deezer experience
byLoïc Doubinine
 
PPTX
Meridian 2025 - The Intent-Driven Future With NEAR Intents
byDejan Radic
 
PDF
Vibe Coding and AI-Assisted Development (Ploneconf 2025, Lightning Talk)
bykitconcept GmbH
 
PDF
What Writing 250+ Blog Posts Taught Me About Artificial Intelligence.pdf
byMarkus Eisele
 
PDF
Shift Left for Inclusion: Scalable Accessibility Testing with Cypress - Cypre...
byLudovico Besana
 
PPTX
Standardization of open-source software ISO/IEC 5230:2020 and ISO/IEC 18974:2...
byShane Coughlan
 
PDF
VADY Invoice Intelligence — From Unstructured PDFs to Decision-Ready Business...
byNewFangledVision
 
SAP ERP Training For Senior Managers.ppt
byBalanathanVirupasan
 
End-to-End Payroll Processing Checklist for Growing Businesses.pdf
byCRMLeaf
 
Practical Performance Tuning for Serverless Java on AWS- InfoQ Dev Summit
byVadym Kazulkin
 
Transform Salesforce Workflows: The Basics You Must Know to Deploy AI Agents
byCymetrix Software
 
An Introduction to C Programming Language
byAlonTashobya
 
Choosing Mobile App Development Services: A Clear Guide
byShiv Technolabs Pvt. Ltd.
 
The 50+ First-Timer: My OpenTelemetry Contribution and How Your CNCF Journey...
byImma Valls Bernaus
 
AI and Generative AI: Dual-Use Risks and Autonomous Threats.pdf
byCyberneticGI
 
Soft(ware) Stories: Tecnologia, Identità e Giustizia di genere nel mondo digi...
byLetizia Jaccheri
 
Best Tableau Alternatives for Data Analytics and Reporting.docx
byVarsha Nayak
 
ETH Belgrade 2025 - AI Agent Custody and Fund Access
byDejan Radic
 
Domain Centered Architecture for complex business domains
byRob Vens
 
Best Tableau Alternatives for Data Analytics and Reporting.pdf
byVarsha Nayak
 
The journey from (not)REST to GraphQL at scale - The Deezer experience
byLoïc Doubinine
 
Meridian 2025 - The Intent-Driven Future With NEAR Intents
byDejan Radic
 
Vibe Coding and AI-Assisted Development (Ploneconf 2025, Lightning Talk)
bykitconcept GmbH
 
What Writing 250+ Blog Posts Taught Me About Artificial Intelligence.pdf
byMarkus Eisele
 
Shift Left for Inclusion: Scalable Accessibility Testing with Cypress - Cypre...
byLudovico Besana
 
Standardization of open-source software ISO/IEC 5230:2020 and ISO/IEC 18974:2...
byShane Coughlan
 
VADY Invoice Intelligence — From Unstructured PDFs to Decision-Ready Business...
byNewFangledVision
 

Building your own web based Authenticator