flaskExample | adfsmfa |
---|---|
1 | 2 |
3 | 129 |
- | 0.8% |
3.0 | 5.6 |
9 months ago | 2 days ago |
HTML | C# |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
flaskExample
-
Krptn: User Auth and Encryption of data at rest, derived from users’ credentials
Hello, all!
Encryption and user authentication are crucial to cybersecurity.
Encryption can be implemented at various levels. I believe that handling encryption at the application level is the most secure since it decreases the attack surface. For example, the SQL server doesn’t get to see the plaintext.
Krptn is a piece of software I’m currently building which could be used as a user authentication service, which also handles encryption (at the application level) of the user’s associated data (e.g.: the users’ phone number).
(Krptn only has a Python API right now.)
It would run in the same server instance as your Python code, so no need to host anything new (decreased complexity) - just install the Python module and call the APIs.
For additional security, I designed the system to derive the encryption keys from the users’ credentials. This prevents an attacker who gains access to the database from being able to decrypt all the data since the encryption keys aren’t stored anywhere. Additionally, each user gets an asymmetric keypair. This enables users to share specific pieces of information with each other.
I know that, for many projects, this level of encryption is not required to secure their system and hence not everyone would benefit from using this. But I hope that for the people who do wish to have such security, this project will help.
It would be much appreciated if you would try this out. Please let me know what you think of this! Also please provide some feedback if you have any!
Here is an example Django integration: https://github.com/krptn/djangoExample
Here is an example Flask integration: https://github.com/krptn/flaskExample
GitHub repo: https://github.com/krptn/krypton
adfsmfa
-
Am I being spoofed or hacked?
My server is also a homelab one. No sign of Hafnium, and I was patched very early, but it did prompt me to do my next project. ECP was already blocked from outside, but OWA is now handled by a WAP, which authenticates against my ADFS server with MFA. If anyone is looking for a free MFA solution to use with ADFS, I can recommend this.
-
Any other young homelabbers out there? I'm 17 and just did this huge upgrade, scored this rack and 3 servers for free off marketplace.
You should give it a try. It's not the simplest exercise, you need to get familiar with Certificate Authorities, ADFS, and set up an MFA provider (I recommend this: https://github.com/neos-sdi/adfsmfa), but once it's done, being able to log in to Win10 with a fingerprint is very cool.
What are some alternatives?
krypton - Data encryption at rest and IAM for Python
DSInternals - Directory Services Internals (DSInternals) PowerShell Module and Framework
djangoExample - Example Krptn Integration with Django
a12n-server - An open source lightweight OAuth2 server
TOTP-for-pGina-Fork - A plugin for the pGina Fork that allows a Time-based One-Time Password for Windows Logon using the Google Authenticator App.
fido2-net-lib - FIDO2 .NET library for FIDO2 / WebAuthn Attestation and Assertion using .NET
glewlwyd - Experimental Single Sign On server, OAuth2, Openid Connect, multiple factor authentication with, HOTP/TOTP, FIDO2, TLS Certificates, etc. extensible via plugins
django-mfa2 - A Django app that handles MFA, it supports TOTP, U2F, FIDO2 U2F (Webauthn), Email Token and Trusted Devices
getSAMLResponse-Interactive - Set of tools to interactively authenticate to a SAML IDP and return SAML Response.