decrypt-otpauth-files
tpm2-totp
decrypt-otpauth-files | tpm2-totp | |
---|---|---|
19 | 5 | |
118 | 148 | |
- | 6.8% | |
0.0 | 0.0 | |
3 months ago | about 1 month ago | |
Python | C | |
MIT License | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
decrypt-otpauth-files
-
Ask HN: What 2FA iOS app do you use?
I used OTP Auth.app (https://cooperrs.de/otpauth.html) for many a while years on iOS and then on macOS too.
Now I've mostly transitioned to using the built in OTP handling in Keychain. Every so often I find one I haven't migrated across yet.
Another option is HE's NetWork Tools iOS app, which also has an OTP Authenticator in it. I believe it's a lot less integrated though (I don't think it provides a browser plugin, for example).
-
Authenticator App on IOS
Forget all the cloud-based Authenticators and use OTP Auth. https://cooperrs.de/otpauth.html
-
TOTP tokens on my wrist with the smartest dumb watch
I have been using OTP Auth for a while. It doesn't get updated a lot but it's working fine.
https://cooperrs.de/otpauth.html
-
Is there any way to export 2FA only?
I do that using a separate app, (OTPAuth for iOS), and pretty much for the same reason.
- What is everyones go to Authenticator App for 2FA with Proton Mail?
-
Raivo OTP and OTP Auth - iOS 2FA TOTP Solutions After Twilio (Authy) Hack
OTP Auth Website
-
Anyone know good authentication app that works well on iOS and also has a web version?
Good point. See also the developer's website: https://cooperrs.de/otpauth.html
-
Twilio, the people who own Authy, got hacked
Sure, that's a possibility. I believe it is developed by a single person. But the OTP Auth app allows you to export an encrypted backup that can be decrypted using an open source tool available here: https://github.com/CooperRS/decrypt-otpauth-files. Also, the OTP Auth app lets you view the original secrets (and display QR codes) used to create the TOTP entries. So it would be relatively easy to simply scan the QR codes with whatever new app you wanted to use in the future. In my book, that makes OTP Auth the safest option because I am guaranteed an easy way to migrate to a new app if I ever need to do so. ... Also, OTP Auth lets you have folders (in addition to searching), which is really helpful if you have a lot of 2FA accounts.
-
What 2FA app do you use for Bitwarden?
This is the best iOS answer. One of my most favorite apps. https://cooperrs.de/otpauth.html
-
2FA desktop app recommendation
OTP Auth. https://cooperrs.de/otpauth.html For iOS and macOS
tpm2-totp
-
TOTP tokens on my wrist with the smartest dumb watch
You need a TPM 2.0 compatible CPU, but something like this sounds really excellent: https://github.com/tpm2-software/tpm2-totp
This means your laptop itself would be your hardware device, the TOTP secret would be stored in the TPM and theoretically impossible to steal/copy. Of course this means you will probably want a mobile device (possibly a second laptop also) as a backup.)
- Can you detect tampering in /boot without SecureBoot on Linux?
-
Authenticated Boot and Disk Encryption on Linux
>But okay, you may extend my attack by saying that you exchange the motherboard between the victim and the attacker laptop, so that you don't need to replicate the chassis.
Modern computers has tamper detection and if you open them you'll need to type the BIOS password.
However, replacing the motherboard is going to replace the TPM. This is easily detectable with something like tpm2_totp in the bootchain.
https://github.com/tpm2-software/tpm2-totp
- Attest computer secure boot state to phone via time-based OTP and TPM
-
Does the TPM boost secure boot security?
You could also use TOTP for a kind of remote attestation (e.g., with your phone computing TOTP). In this setup, the CPU sends the timestamp to the TPM, and it returns the TOTP value. So instead of you looking at your phone to give the TOTP to a service provider to prove that you're in possession of your phone, the computer gives you a TOTP value to prove that it's in possession (inside the TPM, sealed to the boot chain hashes) of the TOTP secret, and you use your phone to verify this. A possible weakness (short of a full-blown TPM compromise) would be to send a bunch of forged timestamps to the TPM while your computer is running and store the resulting TOTP values, then tamper with Secure Boot and emit the precomputed TOTP corresponding to the current timestamp whenever you boot up your computer. But this would require running malicious code on your compute while you're logged in with the trusted boot chain.
What are some alternatives?
KeePassDX - Lightweight vault and password manager for Android, KeePassDX allows editing encrypted data in a single file in KeePass format and fill in the forms in a secure way.
sbctl - :computer: :lock: :key: Secure Boot key manager
ios-application - A native, lightweight and secure one-time-password (OTP) client built for iOS; Raivo OTP!
mortar - Framework to join Linux's physical security bricks.
keepass2android - Password manager app for Android
btrfs-todo - An issues only repo to organize our TODO items
keepassxc - KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
heads - A minimal Linux that runs as a coreboot or LinuxBoot ROM payload to provide a secure, flexible boot environment for laptops, workstations and servers.
Aegis - A free, secure and open source app for Android to manage your 2-step verification tokens.
cryptboot - Encrypted boot partition manager with UEFI Secure Boot support
andOTP - [Unmaintained] Open source two-factor authentication for Android
BangleApps - Bangle.js App Loader (and Apps)