Projet

Général

Profil

Authentification » Historique » Version 75

Laurent GUERBY, 24/07/2018 23:19

1 1 Laurent GUERBY
{{>toc}}
2 1 Laurent GUERBY
3 1 Laurent GUERBY
h1. Authentification
4 1 Laurent GUERBY
5 25 Laurent GUERBY
h2. Liens
6 25 Laurent GUERBY
7 75 Laurent GUERBY
https://krebsonsecurity.com/2018/07/google-security-keys-neutered-employee-phishing/
8 75 Laurent GUERBY
https://tech.slashdot.org/story/18/07/23/1944236/none-of-googles-85000-employees-have-been-phished-in-more-than-a-year-after-company-required-them-to-use-physical-security-keys-for-2fa
9 75 Laurent GUERBY
https://twofactorauth.org/
10 75 Laurent GUERBY
https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/
11 75 Laurent GUERBY
12 3 Laurent GUERBY
https://en.wikipedia.org/wiki/YubiKey
13 1 Laurent GUERBY
14 66 Laurent GUERBY
https://0day.work/using-a-yubikey-for-gpg-and-ssh/
15 66 Laurent GUERBY
16 54 Laurent GUERBY
https://tech.slashdot.org/story/17/10/01/2130249/google-plans-upgrade-of-two-factor-authentication-for-politicians-and-ceos
17 54 Laurent GUERBY
18 62 Laurent GUERBY
https://www.evilsocket.net/2017/12/07/DIY-Portable-Secrets-Manager-with-a-RPI-Zero-and-the-ARC-Project/
19 62 Laurent GUERBY
20 55 Laurent GUERBY
https://lwn.net/Articles/734767/
21 55 Laurent GUERBY
Strategies for offline PGP key storage
22 55 Laurent GUERBY
23 68 Laurent GUERBY
https://blog.cloudflare.com/how-developers-got-password-security-so-wrong/
24 68 Laurent GUERBY
25 67 Laurent GUERBY
https://www.crowdsupply.com/sutajio-kosagi/tomu
26 67 Laurent GUERBY
27 73 Laurent GUERBY
https://www.tartarefr.eu/remplacer-les-mots-de-passe-par-linsertion-dune-cle-usb/
28 73 Laurent GUERBY
29 60 Laurent GUERBY
https://lwn.net/Articles/736231/
30 60 Laurent GUERBY
A comparison of cryptographic keycards
31 60 Laurent GUERBY
32 69 Laurent GUERBY
https://lwn.net/Articles/750430/
33 69 Laurent GUERBY
Free Nitrokey cryptographic cards for kernel developers
34 69 Laurent GUERBY
35 74 Laurent GUERBY
https://anarc.at/blog/2017-10-26-comparison-cryptographic-keycards/
36 74 Laurent GUERBY
37 72 Laurent GUERBY
https://mozilla-lockbox.github.io/
38 72 Laurent GUERBY
39 70 Laurent GUERBY
https://www.nextinpact.com/news/106385-connexion-securisee-api-webauthn-presque-finalisee-premiere-yubikey-fido2.htm
40 71 Laurent GUERBY
https://linode.com/docs/security/authentication/use-one-time-passwords-for-two-factor-authentication-with-ssh-on-ubuntu-16-04-and-debian-8/
41 71 Laurent GUERBY
https://support.yubico.com/support/solutions/articles/15000006444-losing-your-yubikey
42 70 Laurent GUERBY
43 63 Laurent GUERBY
https://hackaday.com/2017/12/14/using-gmail-with-oauth2-in-linux-and-on-an-esp8266/
44 63 Laurent GUERBY
45 61 Laurent GUERBY
https://www.imperialviolet.org/2017/10/08/securitykeytest.html
46 61 Laurent GUERBY
Testing Security Keys (08 Oct 2017)
47 61 Laurent GUERBY
48 61 Laurent GUERBY
https://github.com/hillbrad/U2FReviews#u2freviews
49 61 Laurent GUERBY
50 65 Laurent GUERBY
https://hackaday.com/2018/01/04/two-factor-authentication-with-the-esp8266/
51 65 Laurent GUERBY
52 56 Laurent GUERBY
https://hackaday.com/2017/10/16/inside-two-factor-authentication-apps
53 56 Laurent GUERBY
54 59 Laurent GUERBY
https://www.nextinpact.com/brief/protonmail-proposera-sa-propre-cle-de-securite-u2f-789.htm
55 59 Laurent GUERBY
56 47 Laurent GUERBY
https://www.crowdsupply.com/nth-dimension/signet
57 48 Laurent GUERBY
$39 kicad design
58 1 Laurent GUERBY
59 64 Laurent GUERBY
https://www.libre-parcours.net/post/comment-je-gere-mes-mots-de-passe/
60 64 Laurent GUERBY
61 57 Laurent GUERBY
https://protonmail.com/blog/encrypted_email_authentication/
62 57 Laurent GUERBY
https://tools.ietf.org/html/rfc2945
63 58 Laurent GUERBY
   The SRP Authentication and Key Exchange System Secure Remote Password (SRP)
64 57 Laurent GUERBY
65 57 Laurent GUERBY
66 48 Laurent GUERBY
https://www.crowdsupply.com/third-pin/pastilda
67 48 Laurent GUERBY
   $50 middle USB in out
68 48 Laurent GUERBY
   pas vraiment de design file dispo ?
69 48 Laurent GUERBY
   https://bitbucket.org/thirdpin_team/pastilda
70 48 Laurent GUERBY
   old https://github.com/thirdpin/pastilda
71 48 Laurent GUERBY
   
72 50 Laurent GUERBY
https://www.ory.am/run-oauth2-server-open-source-api-security.html
73 49 Laurent GUERBY
https://github.com/ory/hydra
74 49 Laurent GUERBY
   Oauth2 high performance
75 48 Laurent GUERBY
76 53 Laurent GUERBY
https://www.owasp.org/index.php/Authentication_Cheat_Sheet
77 53 Laurent GUERBY
  The Open Web Application Security Project
78 53 Laurent GUERBY
79 1 Laurent GUERBY
https://github.com/conorpp/u2f-zero
80 1 Laurent GUERBY
U2F Zero
81 1 Laurent GUERBY
U2F Zero is an open source U2F token for 2 factor authentication. It is implemented securely. It works with Google accounts, Github, Duo, OpenSSH, and anything else supporting U2F.
82 23 Laurent GUERBY
http://hackaday.com/2017/01/17/shmoocon-2017-the-ins-and-outs-of-manufacturing-and-selling-hardware/
83 36 Laurent GUERBY
https://www.u2fzero.com/
84 2 Laurent GUERBY
85 51 Laurent GUERBY
https://plus.google.com/+LaurenWeinstein/posts/avKcX7QmASi
86 51 Laurent GUERBY
Do I really need to bother with Google's 2-Step Verification system? I don't need more hassle and my passwords are pretty good.
87 51 Laurent GUERBY
88 52 Laurent GUERBY
https://lauren.vortex.com/2017/06/10/google-users-who-want-to-use-2-factor-protections-but-dont-understand-how
89 52 Laurent GUERBY
90 52 Laurent GUERBY
91 38 Laurent GUERBY
https://it.slashdot.org/story/17/05/04/218210/google-was-warned-about-this-weeks-mass-phishing-email-attack-six-years-ago
92 39 Laurent GUERBY
https://oauth.net/
93 41 Laurent GUERBY
https://arstechnica.com/security/2017/05/thieves-drain-2fa-protected-bank-accounts-by-abusing-ss7-routing-protocol/
94 38 Laurent GUERBY
95 12 Laurent GUERBY
http://arstechnica.com/security/2016/12/this-low-cost-device-may-be-the-worlds-best-hope-against-account-takeovers/
96 12 Laurent GUERBY
https://en.wikipedia.org/wiki/Universal_2nd_Factor
97 13 Laurent GUERBY
https://it.slashdot.org/story/16/12/24/0037256/u2f-security-keys-may-be-the-worlds-best-hope-against-account-takeovers
98 13 Laurent GUERBY
https://shop.nitrokey.com/shop/product/nitrokey-u2f-5
99 13 Laurent GUERBY
https://homepages.laas.fr/matthieu/talks/token-capitoul.pdf
100 14 Matthieu Herrb
https://github.com/ruimarinho/yubikey-handbook
101 37 Matthieu Herrb
https://research.kudelskisecurity.com/2017/04/28/configuring-yubikey-for-gpg-and-u2f/
102 12 Laurent GUERBY
103 7 Laurent GUERBY
http://hackaday.com/2016/09/29/taking-a-u2f-hardware-key-from-design-to-production/
104 7 Laurent GUERBY
105 1 Laurent GUERBY
https://m.nextinpact.com/news/102201-clefs-gpg-comment-stocker-et-utiliser-via-clef-usb-openpgp-card.htm
106 30 Guilhem Saurel
https://www.palkeo.com/sys/yubikey.html
107 29 Laurent GUERBY
108 24 Laurent GUERBY
http://www.limpkin.fr/index.php?post/2017/01/13/A-Mass-Programming-Bench-for-ATMega32u4-MCUs
109 40 Laurent GUERBY
110 40 Laurent GUERBY
https://www.themooltipass.com/
111 24 Laurent GUERBY
https://www.indiegogo.com/projects/mooltipass-open-source-offline-password-keeper
112 24 Laurent GUERBY
https://www.kickstarter.com/projects/limpkin/mooltipass-mini-your-passwords-on-the-go
113 24 Laurent GUERBY
114 2 Laurent GUERBY
https://raymii.org/s/articles/Get_Started_With_The_Nitrokey_HSM.html#SSH_Keys_with_the_HSM
115 2 Laurent GUERBY
116 16 Laurent GUERBY
https://media.ccc.de/v/33c3-8314-bootstraping_a_slightly_more_secure_laptop
117 16 Laurent GUERBY
118 15 Laurent GUERBY
https://portier.github.io/
119 15 Laurent GUERBY
120 2 Laurent GUERBY
https://sec2016.rmll.info/programme/#usb-armory
121 2 Laurent GUERBY
https://sec2016.rmll.info//files/
122 1 Laurent GUERBY
https://sec2016.rmll.info//files/20160704-02-Barisani-forging_the_usb_armory.pdf
123 48 Laurent GUERBY
https://www.crowdsupply.com/inverse-path/usb-armory
124 48 Laurent GUERBY
  $130
125 48 Laurent GUERBY
  kicad https://github.com/inversepath/usbarmory/tree/master/hardware
126 4 Laurent GUERBY
127 4 Laurent GUERBY
http://keithp.com/blogs/chaoskey/
128 4 Laurent GUERBY
http://saimei.acc.umu.se/pub/debian-meetings/2016/debconf16/Chaoskey_A_Hardware_Random_Number_Generator_for_Everyone.webm
129 5 Laurent GUERBY
130 5 Laurent GUERBY
http://www.nextinpact.com/news/100871-choisir-bon-mot-passe-regles-a-connaitre-pieges-a-eviter.htm
131 5 Laurent GUERBY
http://www.nextinpact.com/news/96167-u2f-double-authentification-par-clef-usb-se-repand-et-debarque-dans-dropbox.htm
132 6 Laurent GUERBY
https://forum.nextinpact.com/topic/157193-bien-g%C3%A9rer-ses-mots-de-passe/
133 5 Laurent GUERBY
https://fidoalliance.org/
134 18 Laurent GUERBY
https://blog.adafruit.com/2017/01/04/new-product-fido-u2f-security-key-u2f-usb-two-step-authentication-security/
135 19 Laurent GUERBY
https://www.ledgerwallet.com/products/12-ledger-nano-s
136 8 Laurent GUERBY
137 8 Laurent GUERBY
https://www.entrouvert.com/fr/identite-numerique/authentic-2/
138 9 Laurent GUERBY
139 9 Laurent GUERBY
140 9 Laurent GUERBY
https://indico.mathrice.fr/event/27/contribution/13/material/slides/0.pdf
141 9 Laurent GUERBY
Principe de fonctionnement OAuth2
142 10 Laurent GUERBY
143 10 Laurent GUERBY
http://blog.hansenpartnership.com/using-your-tpm-as-a-secure-key-store/
144 10 Laurent GUERBY
https://blog.filippo.io/giving-up-on-long-term-pgp/
145 11 Laurent GUERBY
146 11 Laurent GUERBY
https://www.ledgerwallet.com/products/12-ledger-nano-s 
147 11 Laurent GUERBY
https://github.com/LedgerHQ 
148 11 Laurent GUERBY
https://www.ledgerwallet.com/products/9-ledger-blue
149 17 Laurent GUERBY
150 17 Laurent GUERBY
http://digiposte.fr
151 17 Laurent GUERBY
edf, gdf, impots, assurances en auto via un id (?)
152 17 Laurent GUERBY
tu peux récupérer un zip des dossiers
153 20 Laurent GUERBY
154 20 Laurent GUERBY
155 20 Laurent GUERBY
https://lauren.vortex.com/2017/01/05/biting-the-bullet-its-time-to-require-2-factor-verified-logins
156 21 Laurent GUERBY
https://cloud.google.com/security/security-design/
157 22 Laurent GUERBY
https://github.com/google/key-transparency
158 27 Laurent GUERBY
https://www.facebook.com/notes/facebook-security/security-key-for-safer-logins-with-a-touch/10154125089265766
159 25 Laurent GUERBY
160 28 Laurent GUERBY
https://tech.slashdot.org/story/17/01/30/2023249/facebooks-new-tool-looks-to-replace-traditional-two-factor-authentication
161 28 Laurent GUERBY
https://www.facebook.com/notes/protect-the-graph/improving-account-security-with-delegated-recovery/1833022090271267
162 28 Laurent GUERBY
163 31 Laurent GUERBY
https://keybase.io/blog/keybase-chat
164 31 Laurent GUERBY
165 32 Laurent GUERBY
https://arstechnica.com/gadgets/2017/02/no-key-no-login-g-suite-admins-can-now-make-fido-security-keys-mandatory/
166 32 Laurent GUERBY
167 33 Matthieu Herrb
https://chown.me/blog/my-recent-journey-with-2FA.html
168 33 Matthieu Herrb
169 34 Laurent GUERBY
https://korben.info/keybox-console-centraliser-vos-acces-ssh.html
170 34 Laurent GUERBY
http://sshkeybox.com/
171 34 Laurent GUERBY
172 42 Laurent GUERBY
https://github.com/lipp/login-with
173 42 Laurent GUERBY
174 43 Laurent GUERBY
https://blog.plan99.net/building-account-systems-f790bf5fdbe0
175 43 Laurent GUERBY
https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/
176 44 Laurent GUERBY
https://www.troyhunt.com/password-managers-dont-have-to-be-perfect-they-just-have-to-be-better-than-not-having-one/
177 45 Laurent GUERBY
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
178 45 Laurent GUERBY
https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-stores-your-passwords/
179 46 Laurent GUERBY
https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/
180 43 Laurent GUERBY
181 25 Laurent GUERBY
h2. Passwords
182 25 Laurent GUERBY
183 26 Guilhem Saurel
https://www.passwordstore.org/
184 25 Laurent GUERBY
https://keepassxreboot.github.io/project
185 35 Laurent GUERBY
https://ask.slashdot.org/story/17/03/08/212244/ask-slashdot-should-you-use-password-managers