GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → ThinkAlexandria → BoringAuth

ThinkAlexandria / BoringAuth

Licence: other
Straightforward password, passphrase, TOTP, and HOTP user authentication

Programming Languages

rust
11053 projects
c
50402 projects - #5 most used programming language
Makefile
30231 projects
python
139335 projects - #7 most used programming language

Labels

securityhotpoathpassword-store2fa2factor

Projects that are alternatives of or similar to BoringAuth

2FAuth
A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes
Stars: ✭ 664 (+1255.1%)
Mutual labels:  hotp, 2fa, 2factor
One Time
One Time Password (TOTP and HOTP) library for Clojure. TOTP/HOTP is widely used for Two Factor / Multi Factor Authentication.
Stars: ✭ 129 (+163.27%)
Mutual labels:  hotp, 2fa
Swiftotp
A Swift library for generating One Time Passwords (OTP)
Stars: ✭ 119 (+142.86%)
Mutual labels:  hotp, 2fa
Authenticatorpro
📱 Two-Factor Authentication (2FA) client for Android + Wear OS
Stars: ✭ 155 (+216.33%)
Mutual labels:  hotp, 2fa
Java Otp
A one-time password (HOTP/TOTP) library for Java
Stars: ✭ 265 (+440.82%)
Mutual labels:  hotp, 2fa
Mintotp
Minimal TOTP generator in 20 lines of Python
Stars: ✭ 678 (+1283.67%)
Mutual labels:  hotp, 2fa
Aegis
A free, secure and open source app for Android to manage your 2-step verification tokens.
Stars: ✭ 2,692 (+5393.88%)
Mutual labels:  hotp, 2fa
Yubikey Manager Qt
Cross-platform application for configuring any YubiKey over all USB interfaces.
Stars: ✭ 137 (+179.59%)
Mutual labels:  hotp, 2fa
Freeotpplus
Enhanced fork of FreeOTP-Android providing a feature-rich 2FA authenticator
Stars: ✭ 223 (+355.1%)
Mutual labels:  hotp, 2fa
Onetimepassword
🔑 A small library for generating TOTP and HOTP one-time passwords on iOS.
Stars: ✭ 243 (+395.92%)
Mutual labels:  hotp, 2fa
crotp
CrOTP - One Time Passwords for Crystal
Stars: ✭ 62 (+26.53%)
Mutual labels:  hotp, 2fa
pyotp
Python One-Time Password Library
Stars: ✭ 1,930 (+3838.78%)
Mutual labels:  hotp, 2fa
2FA-Auth
Generating 2FA codes in your terminal
Stars: ✭ 23 (-53.06%)
Mutual labels:  2fa, 2factor
Otplib
🔑 One Time Password (OTP) / 2FA for Node.js and Browser - Supports HOTP, TOTP and Google Authenticator
Stars: ✭ 916 (+1769.39%)
Mutual labels:  hotp, 2fa
twothy
Two factor authenticator for CLI
Stars: ✭ 39 (-20.41%)
Mutual labels:  2fa, 2factor
Go Guardian
Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to create powerful modern API and web authentication.
Stars: ✭ 204 (+316.33%)
Mutual labels:  hotp, 2fa
otp-java
A small and easy-to-use one-time password generator library for Java according to RFC 4226 (HOTP) and RFC 6238 (TOTP).
Stars: ✭ 107 (+118.37%)
Mutual labels:  hotp, 2fa
apache 2fa
Apache two-factor (2FA) authentication with Google Authenticator based on Time-based One-Time Password (TOTP) or HMAC-based one-time password (HOTP) Algorithms.
Stars: ✭ 63 (+28.57%)
Mutual labels:  hotp, 2fa
hotp-php
HMAC Based One Time Passwords in PHP. RFC4226 and RFC6238 compliant.
Stars: ✭ 51 (+4.08%)
Mutual labels:  hotp
php-totp
HOTP and TOTP token generation
Stars: ✭ 33 (-32.65%)
Mutual labels:  hotp
View All Similar Projects ➔

BoringAuth

Build Status BoringAuth on crates.io

BoringAuth is a collection of tools for user authentication. BoringAuth is a fork of LibreAuth that chooses to use the actively developed ring crypto crate over the dead rust-crypto crate for its crypto primitives.

Ring compatibility chart.

BoringAuth Ring
v0.6.4 0.12
v0.7.0 0.13

Features

  • Password / passphrase authentication
    • no character-set limitation
    • reasonable lenth limit (security vs. DOS)
    • strong, evolutive and retro-compatible password derivation functions
    • crypt() compatibility
  • HOTP - HMAC-based One-time Password Algorithm (OATH - RFC 4226)
    • the key can be passed as bytes, an ASCII string, an hexadicimal string or a base32 string
    • customizable counter
    • customizable hash function (sha1, sha256, sha512)
    • customizable output length
    • customizable output alphabet
  • TOTP - Time-based One-time Password Algorithm (OATH - RFC 6238)
    • the key can be passed as bytes, an ASCII string, an hexadicimal string or a base32 string
    • customizable timestamp
    • customizable period
    • customizable initial time (T0)
    • customizable hash function (sha1, sha256, sha512)
    • customizable output length
    • customizable output alphabet
    • customizable positive and negative period tolerance
  • YubiKey OTP (Yubico)
    • virtual device API
    • client API
    • server API
  • U2F - Universal 2nd Factor (FIDO Alliance)
    • virtual device API
    • client API
    • server API

Using within a Rust project

You can find BoringAuth on crates.io and include it in your Cargo.toml:

boringauth = "*"

Using outside Rust

In order to build BoringAuth, you will need both the rust compiler and cargo.

$ git clone https://github.com/ThinkAlexandria/boringauth.git
$ cd boringauth
$ make
$ make install prefix=/usr

Quick examples

Rust

extern crate boringauth;
use boringauth::oath::TOTPBuilder;

let key = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ".to_string();
let code = TOTPBuilder::new()
    .base32_key(&key)
    .finalize()
    .unwrap()
    .generate();
assert_eq!(code.len(), 6);

C

#include <stdio.h>
#include <boringauth.h>

int main(void) {
  struct boringauth_totp_cfg cfg;
  char   code[7], key[] = "12345678901234567890";

  if (boringauth_totp_init(&cfg) != LIBREAUTH_OTP_SUCCESS) {
    return 1;
  }
  cfg.key = key;
  cfg.key_len = sizeof(key);
  if (boringauth_totp_generate(&cfg, code) != LIBREAUTH_OTP_SUCCESS) {
    return 2;
  }

  printf("%s\n", code);

  return 0;
}
$ cc -o totp totp.c -lboringauth
$ ./totp
848085

Python

from ctypes.util import find_library
from struct import Struct
from ctypes import *

class TOTPcfg(Structure):
    _fields_ = [
        ('key', c_char_p),
        ('key_len', c_size_t),
        ('timestamp', c_longlong),
        ('period', c_uint),
        ('initial_time', c_ulonglong),
        ('output_len', c_size_t),
        ('output_base', c_char_p),
        ('output_base_len', c_size_t),
        ('hash_function', c_int),
    ]

def get_totp():
    key = b'12345678901234567890'
    lib_path = find_library('boringauth') or 'target/release/libboringauth.so'
    lib = cdll.LoadLibrary(lib_path)
    cfg = TOTPcfg()
    if lib.boringauth_totp_init(byref(cfg)) != 0:
        return
    cfg.key_len = len(key)
    cfg.key = c_char_p(key)
    code = create_string_buffer(b'\000' * cfg.output_len)
    if lib.boringauth_totp_generate(byref(cfg), code) != 0:
        return
    return str(code.value, encoding="utf-8")

if __name__ == '__main__':
    code = get_totp()
    print('{}'.format(code))
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].