Projet

Général

Profil

Authentification » Historique » Version 79

Laurent GUERBY, 25/07/2018 14:28

1 1 Laurent GUERBY
{{>toc}}
2 1 Laurent GUERBY
3 1 Laurent GUERBY
h1. Authentification
4 1 Laurent GUERBY
5 25 Laurent GUERBY
h2. Liens
6 25 Laurent GUERBY
7 75 Laurent GUERBY
https://krebsonsecurity.com/2018/07/google-security-keys-neutered-employee-phishing/
8 75 Laurent GUERBY
https://tech.slashdot.org/story/18/07/23/1944236/none-of-googles-85000-employees-have-been-phished-in-more-than-a-year-after-company-required-them-to-use-physical-security-keys-for-2fa
9 75 Laurent GUERBY
https://twofactorauth.org/
10 75 Laurent GUERBY
https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/
11 76 Laurent GUERBY
https://blog.mozilla.org/blog/2018/05/09/firefox-gets-down-to-business-and-its-personal/
12 77 Laurent GUERBY
https://hacks.mozilla.org/2018/01/using-hardware-token-based-2fa-with-the-webauthn-api/
13 78 Laurent GUERBY
http://tomu.im/
14 75 Laurent GUERBY
15 79 Laurent GUERBY
https://linuxfr.org/news/gnuk-neug-fst-01-entre-cryptographie-et-materiel-libre
16 79 Laurent GUERBY
17 3 Laurent GUERBY
https://en.wikipedia.org/wiki/YubiKey
18 1 Laurent GUERBY
19 66 Laurent GUERBY
https://0day.work/using-a-yubikey-for-gpg-and-ssh/
20 66 Laurent GUERBY
21 54 Laurent GUERBY
https://tech.slashdot.org/story/17/10/01/2130249/google-plans-upgrade-of-two-factor-authentication-for-politicians-and-ceos
22 54 Laurent GUERBY
23 62 Laurent GUERBY
https://www.evilsocket.net/2017/12/07/DIY-Portable-Secrets-Manager-with-a-RPI-Zero-and-the-ARC-Project/
24 62 Laurent GUERBY
25 55 Laurent GUERBY
https://lwn.net/Articles/734767/
26 55 Laurent GUERBY
Strategies for offline PGP key storage
27 55 Laurent GUERBY
28 68 Laurent GUERBY
https://blog.cloudflare.com/how-developers-got-password-security-so-wrong/
29 68 Laurent GUERBY
30 67 Laurent GUERBY
https://www.crowdsupply.com/sutajio-kosagi/tomu
31 67 Laurent GUERBY
32 73 Laurent GUERBY
https://www.tartarefr.eu/remplacer-les-mots-de-passe-par-linsertion-dune-cle-usb/
33 73 Laurent GUERBY
34 60 Laurent GUERBY
https://lwn.net/Articles/736231/
35 60 Laurent GUERBY
A comparison of cryptographic keycards
36 60 Laurent GUERBY
37 69 Laurent GUERBY
https://lwn.net/Articles/750430/
38 69 Laurent GUERBY
Free Nitrokey cryptographic cards for kernel developers
39 69 Laurent GUERBY
40 74 Laurent GUERBY
https://anarc.at/blog/2017-10-26-comparison-cryptographic-keycards/
41 74 Laurent GUERBY
42 72 Laurent GUERBY
https://mozilla-lockbox.github.io/
43 72 Laurent GUERBY
44 70 Laurent GUERBY
https://www.nextinpact.com/news/106385-connexion-securisee-api-webauthn-presque-finalisee-premiere-yubikey-fido2.htm
45 71 Laurent GUERBY
https://linode.com/docs/security/authentication/use-one-time-passwords-for-two-factor-authentication-with-ssh-on-ubuntu-16-04-and-debian-8/
46 71 Laurent GUERBY
https://support.yubico.com/support/solutions/articles/15000006444-losing-your-yubikey
47 70 Laurent GUERBY
48 63 Laurent GUERBY
https://hackaday.com/2017/12/14/using-gmail-with-oauth2-in-linux-and-on-an-esp8266/
49 63 Laurent GUERBY
50 61 Laurent GUERBY
https://www.imperialviolet.org/2017/10/08/securitykeytest.html
51 61 Laurent GUERBY
Testing Security Keys (08 Oct 2017)
52 61 Laurent GUERBY
53 61 Laurent GUERBY
https://github.com/hillbrad/U2FReviews#u2freviews
54 61 Laurent GUERBY
55 65 Laurent GUERBY
https://hackaday.com/2018/01/04/two-factor-authentication-with-the-esp8266/
56 65 Laurent GUERBY
57 56 Laurent GUERBY
https://hackaday.com/2017/10/16/inside-two-factor-authentication-apps
58 56 Laurent GUERBY
59 59 Laurent GUERBY
https://www.nextinpact.com/brief/protonmail-proposera-sa-propre-cle-de-securite-u2f-789.htm
60 59 Laurent GUERBY
61 47 Laurent GUERBY
https://www.crowdsupply.com/nth-dimension/signet
62 48 Laurent GUERBY
$39 kicad design
63 1 Laurent GUERBY
64 64 Laurent GUERBY
https://www.libre-parcours.net/post/comment-je-gere-mes-mots-de-passe/
65 64 Laurent GUERBY
66 57 Laurent GUERBY
https://protonmail.com/blog/encrypted_email_authentication/
67 57 Laurent GUERBY
https://tools.ietf.org/html/rfc2945
68 58 Laurent GUERBY
   The SRP Authentication and Key Exchange System Secure Remote Password (SRP)
69 57 Laurent GUERBY
70 57 Laurent GUERBY
71 48 Laurent GUERBY
https://www.crowdsupply.com/third-pin/pastilda
72 48 Laurent GUERBY
   $50 middle USB in out
73 48 Laurent GUERBY
   pas vraiment de design file dispo ?
74 48 Laurent GUERBY
   https://bitbucket.org/thirdpin_team/pastilda
75 48 Laurent GUERBY
   old https://github.com/thirdpin/pastilda
76 48 Laurent GUERBY
   
77 50 Laurent GUERBY
https://www.ory.am/run-oauth2-server-open-source-api-security.html
78 49 Laurent GUERBY
https://github.com/ory/hydra
79 49 Laurent GUERBY
   Oauth2 high performance
80 48 Laurent GUERBY
81 53 Laurent GUERBY
https://www.owasp.org/index.php/Authentication_Cheat_Sheet
82 53 Laurent GUERBY
  The Open Web Application Security Project
83 53 Laurent GUERBY
84 1 Laurent GUERBY
https://github.com/conorpp/u2f-zero
85 1 Laurent GUERBY
U2F Zero
86 1 Laurent GUERBY
U2F Zero is an open source U2F token for 2 factor authentication. It is implemented securely. It works with Google accounts, Github, Duo, OpenSSH, and anything else supporting U2F.
87 23 Laurent GUERBY
http://hackaday.com/2017/01/17/shmoocon-2017-the-ins-and-outs-of-manufacturing-and-selling-hardware/
88 36 Laurent GUERBY
https://www.u2fzero.com/
89 2 Laurent GUERBY
90 51 Laurent GUERBY
https://plus.google.com/+LaurenWeinstein/posts/avKcX7QmASi
91 51 Laurent GUERBY
Do I really need to bother with Google's 2-Step Verification system? I don't need more hassle and my passwords are pretty good.
92 51 Laurent GUERBY
93 52 Laurent GUERBY
https://lauren.vortex.com/2017/06/10/google-users-who-want-to-use-2-factor-protections-but-dont-understand-how
94 52 Laurent GUERBY
95 52 Laurent GUERBY
96 38 Laurent GUERBY
https://it.slashdot.org/story/17/05/04/218210/google-was-warned-about-this-weeks-mass-phishing-email-attack-six-years-ago
97 39 Laurent GUERBY
https://oauth.net/
98 41 Laurent GUERBY
https://arstechnica.com/security/2017/05/thieves-drain-2fa-protected-bank-accounts-by-abusing-ss7-routing-protocol/
99 38 Laurent GUERBY
100 12 Laurent GUERBY
http://arstechnica.com/security/2016/12/this-low-cost-device-may-be-the-worlds-best-hope-against-account-takeovers/
101 12 Laurent GUERBY
https://en.wikipedia.org/wiki/Universal_2nd_Factor
102 13 Laurent GUERBY
https://it.slashdot.org/story/16/12/24/0037256/u2f-security-keys-may-be-the-worlds-best-hope-against-account-takeovers
103 13 Laurent GUERBY
https://shop.nitrokey.com/shop/product/nitrokey-u2f-5
104 13 Laurent GUERBY
https://homepages.laas.fr/matthieu/talks/token-capitoul.pdf
105 14 Matthieu Herrb
https://github.com/ruimarinho/yubikey-handbook
106 37 Matthieu Herrb
https://research.kudelskisecurity.com/2017/04/28/configuring-yubikey-for-gpg-and-u2f/
107 12 Laurent GUERBY
108 7 Laurent GUERBY
http://hackaday.com/2016/09/29/taking-a-u2f-hardware-key-from-design-to-production/
109 7 Laurent GUERBY
110 1 Laurent GUERBY
https://m.nextinpact.com/news/102201-clefs-gpg-comment-stocker-et-utiliser-via-clef-usb-openpgp-card.htm
111 30 Guilhem Saurel
https://www.palkeo.com/sys/yubikey.html
112 29 Laurent GUERBY
113 24 Laurent GUERBY
http://www.limpkin.fr/index.php?post/2017/01/13/A-Mass-Programming-Bench-for-ATMega32u4-MCUs
114 40 Laurent GUERBY
115 40 Laurent GUERBY
https://www.themooltipass.com/
116 24 Laurent GUERBY
https://www.indiegogo.com/projects/mooltipass-open-source-offline-password-keeper
117 24 Laurent GUERBY
https://www.kickstarter.com/projects/limpkin/mooltipass-mini-your-passwords-on-the-go
118 24 Laurent GUERBY
119 2 Laurent GUERBY
https://raymii.org/s/articles/Get_Started_With_The_Nitrokey_HSM.html#SSH_Keys_with_the_HSM
120 2 Laurent GUERBY
121 16 Laurent GUERBY
https://media.ccc.de/v/33c3-8314-bootstraping_a_slightly_more_secure_laptop
122 16 Laurent GUERBY
123 15 Laurent GUERBY
https://portier.github.io/
124 15 Laurent GUERBY
125 2 Laurent GUERBY
https://sec2016.rmll.info/programme/#usb-armory
126 2 Laurent GUERBY
https://sec2016.rmll.info//files/
127 1 Laurent GUERBY
https://sec2016.rmll.info//files/20160704-02-Barisani-forging_the_usb_armory.pdf
128 48 Laurent GUERBY
https://www.crowdsupply.com/inverse-path/usb-armory
129 48 Laurent GUERBY
  $130
130 48 Laurent GUERBY
  kicad https://github.com/inversepath/usbarmory/tree/master/hardware
131 4 Laurent GUERBY
132 4 Laurent GUERBY
http://keithp.com/blogs/chaoskey/
133 4 Laurent GUERBY
http://saimei.acc.umu.se/pub/debian-meetings/2016/debconf16/Chaoskey_A_Hardware_Random_Number_Generator_for_Everyone.webm
134 5 Laurent GUERBY
135 5 Laurent GUERBY
http://www.nextinpact.com/news/100871-choisir-bon-mot-passe-regles-a-connaitre-pieges-a-eviter.htm
136 5 Laurent GUERBY
http://www.nextinpact.com/news/96167-u2f-double-authentification-par-clef-usb-se-repand-et-debarque-dans-dropbox.htm
137 6 Laurent GUERBY
https://forum.nextinpact.com/topic/157193-bien-g%C3%A9rer-ses-mots-de-passe/
138 5 Laurent GUERBY
https://fidoalliance.org/
139 18 Laurent GUERBY
https://blog.adafruit.com/2017/01/04/new-product-fido-u2f-security-key-u2f-usb-two-step-authentication-security/
140 19 Laurent GUERBY
https://www.ledgerwallet.com/products/12-ledger-nano-s
141 8 Laurent GUERBY
142 8 Laurent GUERBY
https://www.entrouvert.com/fr/identite-numerique/authentic-2/
143 9 Laurent GUERBY
144 9 Laurent GUERBY
145 9 Laurent GUERBY
https://indico.mathrice.fr/event/27/contribution/13/material/slides/0.pdf
146 9 Laurent GUERBY
Principe de fonctionnement OAuth2
147 10 Laurent GUERBY
148 10 Laurent GUERBY
http://blog.hansenpartnership.com/using-your-tpm-as-a-secure-key-store/
149 10 Laurent GUERBY
https://blog.filippo.io/giving-up-on-long-term-pgp/
150 11 Laurent GUERBY
151 11 Laurent GUERBY
https://www.ledgerwallet.com/products/12-ledger-nano-s 
152 11 Laurent GUERBY
https://github.com/LedgerHQ 
153 11 Laurent GUERBY
https://www.ledgerwallet.com/products/9-ledger-blue
154 17 Laurent GUERBY
155 17 Laurent GUERBY
http://digiposte.fr
156 17 Laurent GUERBY
edf, gdf, impots, assurances en auto via un id (?)
157 17 Laurent GUERBY
tu peux récupérer un zip des dossiers
158 20 Laurent GUERBY
159 20 Laurent GUERBY
160 20 Laurent GUERBY
https://lauren.vortex.com/2017/01/05/biting-the-bullet-its-time-to-require-2-factor-verified-logins
161 21 Laurent GUERBY
https://cloud.google.com/security/security-design/
162 22 Laurent GUERBY
https://github.com/google/key-transparency
163 27 Laurent GUERBY
https://www.facebook.com/notes/facebook-security/security-key-for-safer-logins-with-a-touch/10154125089265766
164 25 Laurent GUERBY
165 28 Laurent GUERBY
https://tech.slashdot.org/story/17/01/30/2023249/facebooks-new-tool-looks-to-replace-traditional-two-factor-authentication
166 28 Laurent GUERBY
https://www.facebook.com/notes/protect-the-graph/improving-account-security-with-delegated-recovery/1833022090271267
167 28 Laurent GUERBY
168 31 Laurent GUERBY
https://keybase.io/blog/keybase-chat
169 31 Laurent GUERBY
170 32 Laurent GUERBY
https://arstechnica.com/gadgets/2017/02/no-key-no-login-g-suite-admins-can-now-make-fido-security-keys-mandatory/
171 32 Laurent GUERBY
172 33 Matthieu Herrb
https://chown.me/blog/my-recent-journey-with-2FA.html
173 33 Matthieu Herrb
174 34 Laurent GUERBY
https://korben.info/keybox-console-centraliser-vos-acces-ssh.html
175 34 Laurent GUERBY
http://sshkeybox.com/
176 34 Laurent GUERBY
177 42 Laurent GUERBY
https://github.com/lipp/login-with
178 42 Laurent GUERBY
179 43 Laurent GUERBY
https://blog.plan99.net/building-account-systems-f790bf5fdbe0
180 43 Laurent GUERBY
https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/
181 44 Laurent GUERBY
https://www.troyhunt.com/password-managers-dont-have-to-be-perfect-they-just-have-to-be-better-than-not-having-one/
182 45 Laurent GUERBY
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
183 45 Laurent GUERBY
https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-stores-your-passwords/
184 46 Laurent GUERBY
https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/
185 43 Laurent GUERBY
186 25 Laurent GUERBY
h2. Passwords
187 25 Laurent GUERBY
188 26 Guilhem Saurel
https://www.passwordstore.org/
189 25 Laurent GUERBY
https://keepassxreboot.github.io/project
190 35 Laurent GUERBY
https://ask.slashdot.org/story/17/03/08/212244/ask-slashdot-should-you-use-password-managers