Building your own web based TOTP
Varun Kondagadapa
I’m a:
● Blogger
● Docker superuser!
● Complex GitLab plugins and pipelines
● Python/C# Programmer
● Zerotrust phase 1
● DevSecOps
● Microsoft fan but use Linux
I’m not a:
● Bug hunter
● Malware researcher
● ML guy
https://www.reborninfosec.com/
Stop Me!
You have every right to stop me!
MFA : Multi Factor Authentication
● Secure against password-stealing attacks
● SMS, app, h/w tokens etc.
● Compliance requirement, e.g. PCI DSS
● Implemented independently, i.e. isolated from the actual authentication
A little caution:
● Loss of tokens, keys or the mobile can be problematic
HMAC: Hash based message authentication code
● Keyed-Hashing for Message Authentication
● Hashing with a private (secret) key
● HMAC = Key + Message + Hash
● Similar to Digital signature but uses symmetric keys
● Hashes can establish integrity but not authenticity
● Issue: Collision-related vulnerabilities of MD5
TOTP : Time based OTP
● Uses HMAC
● NIST discourages SMS
● Offline sync
● Works with unix time
● Open standard : One can create their own
Challenge:
● Keeping the shared key
Authenticator
● Most installed tool for storing OTPs
● Earlier open source but now proprietary
That one drawback:
● What happens when we lose our phone
● No backups
The Project
● Python
● HTML
● Google IAP
● Compute Engine
● SQLite
Building your own web based Authenticator
Conclusion
● Cryptographic techniques are open to adopt
● An easy way to create our own Google Authenticator
Future Work
HMAC for random url generator
