Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
תוכן מסופק על ידי HPR Volunteer and Hacker Public Radio. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי HPR Volunteer and Hacker Public Radio או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
דומה לHacker Public Radio
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
A weekly talk show taking a pragmatic look at the art and business of Software Development and the world of technology.
…
continue reading
It takes more than great code to be a great engineer. Soft Skills Engineering is a weekly advice podcast for software developers about the non-technical stuff that goes into being a great software developer.
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
1k
200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
1
The Ticket: Discover the Future of Customer Service, Support, and Experience, with Intercom
Intercom
1k481
On The Ticket, you'll hear Intercom's Customer Support team in conversation with the customer service leaders, renowned customer experience thinkers, and influential authors who are shaping the field of customer support. Follow The Ticket to get the weekly episodes and sign up for our twice-monthly newsletter bursting with all the insights, trends, tips, and assets your team needs to embrace the future of customer service. https://www.intercom.com/blog/newsletter 🏠 www.intercom.com
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 17 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell, engineering leader with over 15 years of industry experience. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Email: [email protected]
…
continue reading
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
))
HPR4503: One time passwords using oathtool
Manage episode 517780253 series 44008
תוכן מסופק על ידי HPR Volunteer and Hacker Public Radio. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי HPR Volunteer and Hacker Public Radio או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
This show has been flagged as Clean by the host.
Oathtool
06 OATH Options and Oathtool
The OATH standard has several options.
You need to know which OATH options the site you wish to log into uses in order to use OATH.
07 Options - TOTP versus HOTP
There are two different types of OATH one time passwords, HOTP and TOTP.
HOTP uses a counter.
I won't go into more detail on HOTP as I haven't come across anyone using it.
TOTP uses the current time instead of a counter.
The time is fed into the OATH algorithm along with the shared secret to generate a new password on both ends of the connection.
All the instances of OATH that I am familiar with use TOTP.
08 TOTP Mode
Totp has different "modes".
These modes are hash encoding algorithms such as SHA1, SHA256, or SHA512.
The correct mode must be selected in order to log in using OATH with TOTP.
09 Encoding - Hex versus Base32
Both ends of the connection must be initialized with a shared secret or key which is required as part of the OATH algorithm.
This key could be encoded in one of two forms, either hexadecimal or base32.
Web sites often do not document which encoding method they are using.
If you cannot determine the encoding of the key by simply looking at it you may need to use trial and error during your first OATH log in attempts to see which type of key has been used.
10 Github and Pypi Options
Github and Pypi are two of the most prominent web sites using OATH.
Both use the same options, TOTP with SHA1 mode, and base32 encoding.
11 Using Oathtool
oathtool is a simple command line application which generates one time passwords for use with OATH.
It can be run in a terminal.
However, can also be turned into a simple GUI application using Zenity. Will discuss this in more detail later.
By default oathtool uses hotp and hex encoding.
To use totp and base32 encoding you must specify these on the command line.
To specify base32 encoding for use with for example Github, pass the "-b" or "--base32" argument on the command line.
To specify TOTP, pass the "--totp" argument on the command line.
By default, oathtool uses SHA1 with totp, so you don't need to specify that if you require SHA1.
If you need a different TOTP mode, you specify that as part of the TOTP argument separated by an "=" character. For example "--totp=SHA256".
12 Oathtool Example
Here is a simple example of using oathtool to create a one time password to use with Github or Pypi.
Open a terminal and type the following.
oathtool -b --totp SOMEBIGBASE32SECRETCODE
The one time password will be printed out in the terminal.
You can try this out without using a valid key so long as it is a valid base32 string.
When used with a valid key you then enter that one time password into Github, Pypi, or other web site where it asks for the one time password.
Note that I have not covered in the above how to store and retrieve the key securely, as that is too big of a topic to cover here.
13 Zenity Example
Oathtool is a command line application, but if you are using Linux it is simple to convert it into a GUI application by using "Zenity".
Zenity is a simple to use package that creates GUI windows on the command line or in a shell script.
There are two steps to the proceess.
First create the OTP from the key by using oathtool and save it in a variable.
Next, call a Zenity "info" window with the OTP as part of the provided text.
You can now copy and paste the OTP from the window into your web browser.
To close the window, click on the "OK" button.
See the previous note on storing the key securely.
hprcode=$(oathtool -b --totp SOMEBIGBASE32SECRETCODE)
zenity --info --width=150 --title="HPR 2FA" --text="2FA code is: \n\n $hprcode \n"
If you are using Gnome you can make the script launchable from the desktop by creading a ".desktop" file in the "Desktop" directory.
161 פרקים
שתפו
Manage episode 517780253 series 44008
תוכן מסופק על ידי HPR Volunteer and Hacker Public Radio. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי HPR Volunteer and Hacker Public Radio או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
This show has been flagged as Clean by the host.
Oathtool
06 OATH Options and Oathtool
The OATH standard has several options.
You need to know which OATH options the site you wish to log into uses in order to use OATH.
07 Options - TOTP versus HOTP
There are two different types of OATH one time passwords, HOTP and TOTP.
HOTP uses a counter.
I won't go into more detail on HOTP as I haven't come across anyone using it.
TOTP uses the current time instead of a counter.
The time is fed into the OATH algorithm along with the shared secret to generate a new password on both ends of the connection.
All the instances of OATH that I am familiar with use TOTP.
08 TOTP Mode
Totp has different "modes".
These modes are hash encoding algorithms such as SHA1, SHA256, or SHA512.
The correct mode must be selected in order to log in using OATH with TOTP.
09 Encoding - Hex versus Base32
Both ends of the connection must be initialized with a shared secret or key which is required as part of the OATH algorithm.
This key could be encoded in one of two forms, either hexadecimal or base32.
Web sites often do not document which encoding method they are using.
If you cannot determine the encoding of the key by simply looking at it you may need to use trial and error during your first OATH log in attempts to see which type of key has been used.
10 Github and Pypi Options
Github and Pypi are two of the most prominent web sites using OATH.
Both use the same options, TOTP with SHA1 mode, and base32 encoding.
11 Using Oathtool
oathtool is a simple command line application which generates one time passwords for use with OATH.
It can be run in a terminal.
However, can also be turned into a simple GUI application using Zenity. Will discuss this in more detail later.
By default oathtool uses hotp and hex encoding.
To use totp and base32 encoding you must specify these on the command line.
To specify base32 encoding for use with for example Github, pass the "-b" or "--base32" argument on the command line.
To specify TOTP, pass the "--totp" argument on the command line.
By default, oathtool uses SHA1 with totp, so you don't need to specify that if you require SHA1.
If you need a different TOTP mode, you specify that as part of the TOTP argument separated by an "=" character. For example "--totp=SHA256".
12 Oathtool Example
Here is a simple example of using oathtool to create a one time password to use with Github or Pypi.
Open a terminal and type the following.
oathtool -b --totp SOMEBIGBASE32SECRETCODE
The one time password will be printed out in the terminal.
You can try this out without using a valid key so long as it is a valid base32 string.
When used with a valid key you then enter that one time password into Github, Pypi, or other web site where it asks for the one time password.
Note that I have not covered in the above how to store and retrieve the key securely, as that is too big of a topic to cover here.
13 Zenity Example
Oathtool is a command line application, but if you are using Linux it is simple to convert it into a GUI application by using "Zenity".
Zenity is a simple to use package that creates GUI windows on the command line or in a shell script.
There are two steps to the proceess.
First create the OTP from the key by using oathtool and save it in a variable.
Next, call a Zenity "info" window with the OTP as part of the provided text.
You can now copy and paste the OTP from the window into your web browser.
To close the window, click on the "OK" button.
See the previous note on storing the key securely.
hprcode=$(oathtool -b --totp SOMEBIGBASE32SECRETCODE)
zenity --info --width=150 --title="HPR 2FA" --text="2FA code is: \n\n $hprcode \n"
If you are using Gnome you can make the script launchable from the desktop by creading a ".desktop" file in the "Desktop" directory.
161 פרקים
כל הפרקים
×
ברוכים הבאים אל Player FM!
Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.
דומה לHacker Public Radio
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
A weekly talk show taking a pragmatic look at the art and business of Software Development and the world of technology.
…
continue reading
It takes more than great code to be a great engineer. Soft Skills Engineering is a weekly advice podcast for software developers about the non-technical stuff that goes into being a great software developer.
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
1k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
1
The Ticket: Discover the Future of Customer Service, Support, and Experience, with Intercom
Intercom
1k481
On The Ticket, you'll hear Intercom's Customer Support team in conversation with the customer service leaders, renowned customer experience thinkers, and influential authors who are shaping the field of customer support. Follow The Ticket to get the weekly episodes and sign up for our twice-monthly newsletter bursting with all the insights, trends, tips, and assets your team needs to embrace the future of customer service. https://www.intercom.com/blog/newsletter 🏠 www.intercom.com
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 17 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell, engineering leader with over 15 years of industry experience. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Email: [email protected]
…
continue reading
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
