django-passkeys
krypton
django-passkeys | krypton | |
---|---|---|
2 | 4 | |
163 | 47 | |
- | - | |
7.2 | 9.3 | |
5 months ago | 6 days ago | |
Python | Python | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
django-passkeys
- Passkeys for Django
-
Passkeys on Django
django-passkeys is a Django app that extends Django ModelBackend to provide a passkey authentication.
krypton
-
Krptn: User Auth and Encryption of data at rest, derived from users’ credentials
Hello, all!
Encryption and user authentication are crucial to cybersecurity.
Encryption can be implemented at various levels. I believe that handling encryption at the application level is the most secure since it decreases the attack surface. For example, the SQL server doesn’t get to see the plaintext.
Krptn is a piece of software I’m currently building which could be used as a user authentication service, which also handles encryption (at the application level) of the user’s associated data (e.g.: the users’ phone number).
(Krptn only has a Python API right now.)
It would run in the same server instance as your Python code, so no need to host anything new (decreased complexity) - just install the Python module and call the APIs.
For additional security, I designed the system to derive the encryption keys from the users’ credentials. This prevents an attacker who gains access to the database from being able to decrypt all the data since the encryption keys aren’t stored anywhere. Additionally, each user gets an asymmetric keypair. This enables users to share specific pieces of information with each other.
I know that, for many projects, this level of encryption is not required to secure their system and hence not everyone would benefit from using this. But I hope that for the people who do wish to have such security, this project will help.
It would be much appreciated if you would try this out. Please let me know what you think of this! Also please provide some feedback if you have any!
Here is an example Django integration: https://github.com/krptn/djangoExample
Here is an example Flask integration: https://github.com/krptn/flaskExample
GitHub repo: https://github.com/krptn/krypton
-
Zero Knowledge Encryption for Python: Krptn
My friend and I have been working on Krptn, which handles encryption of data for web apps, and would love some feedback!
-
Krptn: Zero Knowledge security for Python Webapps
Link to source code: krptn/krypton: Zero Knowledge Security for Python (github.com)
What are some alternatives?
django-mfa2 - A Django app that handles MFA, it supports TOTP, U2F, FIDO2 U2F (Webauthn), Email Token and Trusted Devices
Flask-HTTPAuth - Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes
Hawkpost - Generate links that users can use to submit messages encrypted with your public key.
backbone-python - The framework for building end-to-end encrypted applications.
kagi - WebAuthn security keys and TOTP multi-factor authentication for Django
djangoExample - Example Krptn Integration with Django
totp-cli - A cli-based pass-backed TOTP app.
flaskExample - Example Krptn Integration with Django