Projet

Général

Profil

Authentification » Historique » Version 77

Laurent GUERBY, 24/07/2018 23:22

1 1 Laurent GUERBY
{{>toc}}
2 1 Laurent GUERBY
3 1 Laurent GUERBY
h1. Authentification
4 1 Laurent GUERBY
5 25 Laurent GUERBY
h2. Liens
6 25 Laurent GUERBY
7 75 Laurent GUERBY
https://krebsonsecurity.com/2018/07/google-security-keys-neutered-employee-phishing/
8 75 Laurent GUERBY
https://tech.slashdot.org/story/18/07/23/1944236/none-of-googles-85000-employees-have-been-phished-in-more-than-a-year-after-company-required-them-to-use-physical-security-keys-for-2fa
9 75 Laurent GUERBY
https://twofactorauth.org/
10 75 Laurent GUERBY
https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/
11 76 Laurent GUERBY
https://blog.mozilla.org/blog/2018/05/09/firefox-gets-down-to-business-and-its-personal/
12 77 Laurent GUERBY
https://hacks.mozilla.org/2018/01/using-hardware-token-based-2fa-with-the-webauthn-api/
13 75 Laurent GUERBY
14 3 Laurent GUERBY
https://en.wikipedia.org/wiki/YubiKey
15 1 Laurent GUERBY
16 66 Laurent GUERBY
https://0day.work/using-a-yubikey-for-gpg-and-ssh/
17 66 Laurent GUERBY
18 54 Laurent GUERBY
https://tech.slashdot.org/story/17/10/01/2130249/google-plans-upgrade-of-two-factor-authentication-for-politicians-and-ceos
19 54 Laurent GUERBY
20 62 Laurent GUERBY
https://www.evilsocket.net/2017/12/07/DIY-Portable-Secrets-Manager-with-a-RPI-Zero-and-the-ARC-Project/
21 62 Laurent GUERBY
22 55 Laurent GUERBY
https://lwn.net/Articles/734767/
23 55 Laurent GUERBY
Strategies for offline PGP key storage
24 55 Laurent GUERBY
25 68 Laurent GUERBY
https://blog.cloudflare.com/how-developers-got-password-security-so-wrong/
26 68 Laurent GUERBY
27 67 Laurent GUERBY
https://www.crowdsupply.com/sutajio-kosagi/tomu
28 67 Laurent GUERBY
29 73 Laurent GUERBY
https://www.tartarefr.eu/remplacer-les-mots-de-passe-par-linsertion-dune-cle-usb/
30 73 Laurent GUERBY
31 60 Laurent GUERBY
https://lwn.net/Articles/736231/
32 60 Laurent GUERBY
A comparison of cryptographic keycards
33 60 Laurent GUERBY
34 69 Laurent GUERBY
https://lwn.net/Articles/750430/
35 69 Laurent GUERBY
Free Nitrokey cryptographic cards for kernel developers
36 69 Laurent GUERBY
37 74 Laurent GUERBY
https://anarc.at/blog/2017-10-26-comparison-cryptographic-keycards/
38 74 Laurent GUERBY
39 72 Laurent GUERBY
https://mozilla-lockbox.github.io/
40 72 Laurent GUERBY
41 70 Laurent GUERBY
https://www.nextinpact.com/news/106385-connexion-securisee-api-webauthn-presque-finalisee-premiere-yubikey-fido2.htm
42 71 Laurent GUERBY
https://linode.com/docs/security/authentication/use-one-time-passwords-for-two-factor-authentication-with-ssh-on-ubuntu-16-04-and-debian-8/
43 71 Laurent GUERBY
https://support.yubico.com/support/solutions/articles/15000006444-losing-your-yubikey
44 70 Laurent GUERBY
45 63 Laurent GUERBY
https://hackaday.com/2017/12/14/using-gmail-with-oauth2-in-linux-and-on-an-esp8266/
46 63 Laurent GUERBY
47 61 Laurent GUERBY
https://www.imperialviolet.org/2017/10/08/securitykeytest.html
48 61 Laurent GUERBY
Testing Security Keys (08 Oct 2017)
49 61 Laurent GUERBY
50 61 Laurent GUERBY
https://github.com/hillbrad/U2FReviews#u2freviews
51 61 Laurent GUERBY
52 65 Laurent GUERBY
https://hackaday.com/2018/01/04/two-factor-authentication-with-the-esp8266/
53 65 Laurent GUERBY
54 56 Laurent GUERBY
https://hackaday.com/2017/10/16/inside-two-factor-authentication-apps
55 56 Laurent GUERBY
56 59 Laurent GUERBY
https://www.nextinpact.com/brief/protonmail-proposera-sa-propre-cle-de-securite-u2f-789.htm
57 59 Laurent GUERBY
58 47 Laurent GUERBY
https://www.crowdsupply.com/nth-dimension/signet
59 48 Laurent GUERBY
$39 kicad design
60 1 Laurent GUERBY
61 64 Laurent GUERBY
https://www.libre-parcours.net/post/comment-je-gere-mes-mots-de-passe/
62 64 Laurent GUERBY
63 57 Laurent GUERBY
https://protonmail.com/blog/encrypted_email_authentication/
64 57 Laurent GUERBY
https://tools.ietf.org/html/rfc2945
65 58 Laurent GUERBY
   The SRP Authentication and Key Exchange System Secure Remote Password (SRP)
66 57 Laurent GUERBY
67 57 Laurent GUERBY
68 48 Laurent GUERBY
https://www.crowdsupply.com/third-pin/pastilda
69 48 Laurent GUERBY
   $50 middle USB in out
70 48 Laurent GUERBY
   pas vraiment de design file dispo ?
71 48 Laurent GUERBY
   https://bitbucket.org/thirdpin_team/pastilda
72 48 Laurent GUERBY
   old https://github.com/thirdpin/pastilda
73 48 Laurent GUERBY
   
74 50 Laurent GUERBY
https://www.ory.am/run-oauth2-server-open-source-api-security.html
75 49 Laurent GUERBY
https://github.com/ory/hydra
76 49 Laurent GUERBY
   Oauth2 high performance
77 48 Laurent GUERBY
78 53 Laurent GUERBY
https://www.owasp.org/index.php/Authentication_Cheat_Sheet
79 53 Laurent GUERBY
  The Open Web Application Security Project
80 53 Laurent GUERBY
81 1 Laurent GUERBY
https://github.com/conorpp/u2f-zero
82 1 Laurent GUERBY
U2F Zero
83 1 Laurent GUERBY
U2F Zero is an open source U2F token for 2 factor authentication. It is implemented securely. It works with Google accounts, Github, Duo, OpenSSH, and anything else supporting U2F.
84 23 Laurent GUERBY
http://hackaday.com/2017/01/17/shmoocon-2017-the-ins-and-outs-of-manufacturing-and-selling-hardware/
85 36 Laurent GUERBY
https://www.u2fzero.com/
86 2 Laurent GUERBY
87 51 Laurent GUERBY
https://plus.google.com/+LaurenWeinstein/posts/avKcX7QmASi
88 51 Laurent GUERBY
Do I really need to bother with Google's 2-Step Verification system? I don't need more hassle and my passwords are pretty good.
89 51 Laurent GUERBY
90 52 Laurent GUERBY
https://lauren.vortex.com/2017/06/10/google-users-who-want-to-use-2-factor-protections-but-dont-understand-how
91 52 Laurent GUERBY
92 52 Laurent GUERBY
93 38 Laurent GUERBY
https://it.slashdot.org/story/17/05/04/218210/google-was-warned-about-this-weeks-mass-phishing-email-attack-six-years-ago
94 39 Laurent GUERBY
https://oauth.net/
95 41 Laurent GUERBY
https://arstechnica.com/security/2017/05/thieves-drain-2fa-protected-bank-accounts-by-abusing-ss7-routing-protocol/
96 38 Laurent GUERBY
97 12 Laurent GUERBY
http://arstechnica.com/security/2016/12/this-low-cost-device-may-be-the-worlds-best-hope-against-account-takeovers/
98 12 Laurent GUERBY
https://en.wikipedia.org/wiki/Universal_2nd_Factor
99 13 Laurent GUERBY
https://it.slashdot.org/story/16/12/24/0037256/u2f-security-keys-may-be-the-worlds-best-hope-against-account-takeovers
100 13 Laurent GUERBY
https://shop.nitrokey.com/shop/product/nitrokey-u2f-5
101 13 Laurent GUERBY
https://homepages.laas.fr/matthieu/talks/token-capitoul.pdf
102 14 Matthieu Herrb
https://github.com/ruimarinho/yubikey-handbook
103 37 Matthieu Herrb
https://research.kudelskisecurity.com/2017/04/28/configuring-yubikey-for-gpg-and-u2f/
104 12 Laurent GUERBY
105 7 Laurent GUERBY
http://hackaday.com/2016/09/29/taking-a-u2f-hardware-key-from-design-to-production/
106 7 Laurent GUERBY
107 1 Laurent GUERBY
https://m.nextinpact.com/news/102201-clefs-gpg-comment-stocker-et-utiliser-via-clef-usb-openpgp-card.htm
108 30 Guilhem Saurel
https://www.palkeo.com/sys/yubikey.html
109 29 Laurent GUERBY
110 24 Laurent GUERBY
http://www.limpkin.fr/index.php?post/2017/01/13/A-Mass-Programming-Bench-for-ATMega32u4-MCUs
111 40 Laurent GUERBY
112 40 Laurent GUERBY
https://www.themooltipass.com/
113 24 Laurent GUERBY
https://www.indiegogo.com/projects/mooltipass-open-source-offline-password-keeper
114 24 Laurent GUERBY
https://www.kickstarter.com/projects/limpkin/mooltipass-mini-your-passwords-on-the-go
115 24 Laurent GUERBY
116 2 Laurent GUERBY
https://raymii.org/s/articles/Get_Started_With_The_Nitrokey_HSM.html#SSH_Keys_with_the_HSM
117 2 Laurent GUERBY
118 16 Laurent GUERBY
https://media.ccc.de/v/33c3-8314-bootstraping_a_slightly_more_secure_laptop
119 16 Laurent GUERBY
120 15 Laurent GUERBY
https://portier.github.io/
121 15 Laurent GUERBY
122 2 Laurent GUERBY
https://sec2016.rmll.info/programme/#usb-armory
123 2 Laurent GUERBY
https://sec2016.rmll.info//files/
124 1 Laurent GUERBY
https://sec2016.rmll.info//files/20160704-02-Barisani-forging_the_usb_armory.pdf
125 48 Laurent GUERBY
https://www.crowdsupply.com/inverse-path/usb-armory
126 48 Laurent GUERBY
  $130
127 48 Laurent GUERBY
  kicad https://github.com/inversepath/usbarmory/tree/master/hardware
128 4 Laurent GUERBY
129 4 Laurent GUERBY
http://keithp.com/blogs/chaoskey/
130 4 Laurent GUERBY
http://saimei.acc.umu.se/pub/debian-meetings/2016/debconf16/Chaoskey_A_Hardware_Random_Number_Generator_for_Everyone.webm
131 5 Laurent GUERBY
132 5 Laurent GUERBY
http://www.nextinpact.com/news/100871-choisir-bon-mot-passe-regles-a-connaitre-pieges-a-eviter.htm
133 5 Laurent GUERBY
http://www.nextinpact.com/news/96167-u2f-double-authentification-par-clef-usb-se-repand-et-debarque-dans-dropbox.htm
134 6 Laurent GUERBY
https://forum.nextinpact.com/topic/157193-bien-g%C3%A9rer-ses-mots-de-passe/
135 5 Laurent GUERBY
https://fidoalliance.org/
136 18 Laurent GUERBY
https://blog.adafruit.com/2017/01/04/new-product-fido-u2f-security-key-u2f-usb-two-step-authentication-security/
137 19 Laurent GUERBY
https://www.ledgerwallet.com/products/12-ledger-nano-s
138 8 Laurent GUERBY
139 8 Laurent GUERBY
https://www.entrouvert.com/fr/identite-numerique/authentic-2/
140 9 Laurent GUERBY
141 9 Laurent GUERBY
142 9 Laurent GUERBY
https://indico.mathrice.fr/event/27/contribution/13/material/slides/0.pdf
143 9 Laurent GUERBY
Principe de fonctionnement OAuth2
144 10 Laurent GUERBY
145 10 Laurent GUERBY
http://blog.hansenpartnership.com/using-your-tpm-as-a-secure-key-store/
146 10 Laurent GUERBY
https://blog.filippo.io/giving-up-on-long-term-pgp/
147 11 Laurent GUERBY
148 11 Laurent GUERBY
https://www.ledgerwallet.com/products/12-ledger-nano-s 
149 11 Laurent GUERBY
https://github.com/LedgerHQ 
150 11 Laurent GUERBY
https://www.ledgerwallet.com/products/9-ledger-blue
151 17 Laurent GUERBY
152 17 Laurent GUERBY
http://digiposte.fr
153 17 Laurent GUERBY
edf, gdf, impots, assurances en auto via un id (?)
154 17 Laurent GUERBY
tu peux récupérer un zip des dossiers
155 20 Laurent GUERBY
156 20 Laurent GUERBY
157 20 Laurent GUERBY
https://lauren.vortex.com/2017/01/05/biting-the-bullet-its-time-to-require-2-factor-verified-logins
158 21 Laurent GUERBY
https://cloud.google.com/security/security-design/
159 22 Laurent GUERBY
https://github.com/google/key-transparency
160 27 Laurent GUERBY
https://www.facebook.com/notes/facebook-security/security-key-for-safer-logins-with-a-touch/10154125089265766
161 25 Laurent GUERBY
162 28 Laurent GUERBY
https://tech.slashdot.org/story/17/01/30/2023249/facebooks-new-tool-looks-to-replace-traditional-two-factor-authentication
163 28 Laurent GUERBY
https://www.facebook.com/notes/protect-the-graph/improving-account-security-with-delegated-recovery/1833022090271267
164 28 Laurent GUERBY
165 31 Laurent GUERBY
https://keybase.io/blog/keybase-chat
166 31 Laurent GUERBY
167 32 Laurent GUERBY
https://arstechnica.com/gadgets/2017/02/no-key-no-login-g-suite-admins-can-now-make-fido-security-keys-mandatory/
168 32 Laurent GUERBY
169 33 Matthieu Herrb
https://chown.me/blog/my-recent-journey-with-2FA.html
170 33 Matthieu Herrb
171 34 Laurent GUERBY
https://korben.info/keybox-console-centraliser-vos-acces-ssh.html
172 34 Laurent GUERBY
http://sshkeybox.com/
173 34 Laurent GUERBY
174 42 Laurent GUERBY
https://github.com/lipp/login-with
175 42 Laurent GUERBY
176 43 Laurent GUERBY
https://blog.plan99.net/building-account-systems-f790bf5fdbe0
177 43 Laurent GUERBY
https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/
178 44 Laurent GUERBY
https://www.troyhunt.com/password-managers-dont-have-to-be-perfect-they-just-have-to-be-better-than-not-having-one/
179 45 Laurent GUERBY
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
180 45 Laurent GUERBY
https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-stores-your-passwords/
181 46 Laurent GUERBY
https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/
182 43 Laurent GUERBY
183 25 Laurent GUERBY
h2. Passwords
184 25 Laurent GUERBY
185 26 Guilhem Saurel
https://www.passwordstore.org/
186 25 Laurent GUERBY
https://keepassxreboot.github.io/project
187 35 Laurent GUERBY
https://ask.slashdot.org/story/17/03/08/212244/ask-slashdot-should-you-use-password-managers