Machine learning has become more and more powerful, to the point where a bad actor can take a photo and a voice recording of someone you know, and forge a complete video recording. Bad actors can now digitally impersonate someone you love, and trick you into doing things like paying a ransom. To mitigate that risk, I have developed this simple solution where you can set up a unique time-based one-time passcode (TOTP) between any pair of persons.
Github: https://github.com/ksze/PeerAuth
ProofMode is an open-source project developed by Guardian Project, Okthanks and WITNESS.
We believe in a future where every camera will have a “Proof Mode” that can be enabled and every viewer an ability to verify-then-trust what they are seeing. ProofMode is a system that enables authentication and verification of multimedia content, particularly captured on a smartphone, from point of capture at the source to viewing by a recipient. It utilizes enhanced sensor-driven metadata, hardware fingerprinting, cryptographic signing, and third-party notaries to enable a pseudonymous, decentralized approach to the need for chain-of-custody and “proof” by both activists and everyday people alike.
High performance self-hosted and fully customizable authentication service. In the early stages. Depends on Redis and MongoDB. Docker-first webshit but it can probably be broken out.
Under heavy development.
Insecure time-based secret exploitation and Sandwich attack implementation resources.
Analyzes given tokens, figures out their structure, and tries to generate one-time pins using the same pattern.
A short, sweet, and "just the facts" overview of how to use a Yubikey and what their operational limits are (e.g., a single Yubikey can be used to authenticate against up to 32 services).
A Pluggable Authentication Module (PAM) which allows the establishment of alternate passwords that can be used to perform actions such as clearing sensitive data, notifying IT/Security staff, or closing off sensitive network connections if a user is coerced into giving a threat actor a password.
Selfauth is a self-hosted Authorization Endpoint used to login with a personal URL (as Web sign-in) via IndieAuth.
Requires only two files in a subdirectory, index.php and config.php. Does not require a database, writes its own config file. Then hide a link like this in your site's <head></head> block:
<link rel="authorization_endpoint" href="https://example.com/auth/" />
When logging into a site that supports it, your username is the URL of your website (https://example.com/) and your password is the password you gave when you set up selfauth.
Curated list of awesome technology protocols with a reference to official RFCs.
privacyIDEA is a modular authentication server that can be used to implement 2FA with your existing applications. Can use many different back-ends, from LDAP to Active Directory to flat files. Has a self-service portal for users. Policies enforce different requirements on groups. Supports HOTP, TOTP, SafeNet, eToken Pass, Safeword, OTP cards, Google Authenticator, RADIUS, SMS one-time tokens...
Has a TokenClass which is designed for adding new authentication devices. Has a REST API. Plugins for many services available. Supports detailed audit logging. Supports multiple databases for its datastores. Database contents are AES encrypted.
Github repo: https://github.com/privacyidea/privacyidea
Minimal HTML login page that uses a json file as a database.
MinTOTP is a Python tool that can be used to generate TOTP values from a secret key. Additionally, it exposes its functionality as module-level functions for Python developers. It can be used on any system with Python 3.4 or later installed on it. 30 lines of code (counting empty lines).
Github repo for the MIT RFID ring kit. Includes greyprints for fabbing your own rings.
A massive online database of default passwords for networking hardware, embedded devices, and operating systems.
Open source captive portal software for setting up your own wireless hotspot.
A good explanation of why /etc/shadow on Ubuntu Linux boxen is owned by group 'shadow' and is set 0640 rather than 0600.
Have you ever tried to SSH into one of your boxes, only to get dropped with a "Too many authentication failures" error? Here's how to fix it (it's a server side problem).
Ross Anderson put the entire second edition of Security Engineering on his website for free download. It's been very highly rated and recommended. Each chapter comes in its own PDF so be prepared to use a downloader to grab it all.
HybridAuth is a library for web apps which implements social sign-ins, meaning you authenticate with an existing social network account (like Twitter or Facebook) rather than applying for an account with an e-mail address. Lets the user import established profiles and contact lists from the socnet account they logged in with. Also has a library of plugins for existing frameworks and applications, from Drupal to Concrete to WordPress. Written in PHP so that it'll run on just about every webhost out there out of the box.