![]() The Yubikey doesn't appear to have this additional layer of protection. My argument is, with my authenticator app, not only do I physically need to have that device in my hands, but I also need to verify it is me by providing a fingerprint or pin credential before I gain access to my authentication codes. Is the technology designed in a more secure manner, or it is simply the convenience of not having to open an authentication app, look for the key and type it in? It seems like anybody I talk to that knows what the Yubikey is claims it is "better" but cannot give me reasons why. If this is not the case, make sure that the computer being used to upload the Arduino code is set to UTC time and try again.I'm trying to understand the advantages of having a Yubikey versus an authenticator app. If everything is working correctly, when you press the pushbutton, the 4 digits displayed should match the first 4 of the current code shown on the smartphone app. If you download the Google Authenticator app on a smartphone and go back to the site used to generate the HEX array, scanning the QR code or typing the "Google Authenticator code" into the app, you should see a number shown in the app. Copy the contents of the "Arduino HEX array:" field, and switch back to the Arduino editor, replacing the array on line 25 (hmacKey) with the one you copied from the site.Īfter double-checking each wire connection, make sure the RTC module has a coin cell in it, and connect the Arduino to your laptop using a USB mini cord, and upload the attached sketch.Īfter uploading, when the button is pressed, a number should show up on the screen. Open this link ( ) and input any name in the account name field, and a custom secret key (10 characters long) in the following field, making sure to save both of those values in a safe place for backup. Make sure you have the Arduino IDE installed (it can be found online if you don't) and install the following libraries:ĭownload the attached sketch (can also be accessed here: ), and open it using the Arduino IDE. ![]() SuppliesĪssemble all the components on the breadboard and wire them according to the attached wiring diagram (Fritzing file is here). ![]() This instructable is written for an audience that already understands the basics of interpreting electronics diagrams and rudimentary programming, but if you plan on simply following this Instructable exactly, don't worry if you have no experience, and feel free to ask questions down in the comments! Furthermore, the project can be interesting for more experienced makers as well since the final product is not only a nice piece to have around (in my opinion), but has so much potential for expansion and new features without much hassle. This Instructable is for enthusiasts that are interested in security and may want to implement a nice hardware component to the generation of their TOTP. HTOP is an algorithm that uses the HMAC algorithm to generate a one-time password.Ĭompanies such as Google, Microsoft, and Steam already use TOTP technology for their two-factor authenticationĪrticle explaining how Google uses this technology to authenticate users - implementation of HOTP and TOTP that may be used when creating software utilizing this project - Ĭrytographic library for Arduino used in this project. TOTP is an algorithm that computes a one-time password from a shared secret key and the current time. The most common use case would be two-factor verification based on Time-based One Time Password (TOTP) and HMAC-based One Time Password(HOTP) for authentication. This project generates a new code every 30 seconds using a preshared key and the current time (which is kept track of using the real-time clock module) and displays it on the display when the button is pressed. ![]() NOTE: The TOTP generation which is used in this project generates and utilizes 6 digit codes, but due to my current on-hand hardware, I opted to cut the trailing 2 digits and display and utilize 4, arguably (but not greatly) reducing the security. *This is a project I made as a birthday present and was created within tight time constraints (pardon the messy workmanship) Having a friend with an interest in cryptography and security, I wanted to create the perfect birthday present.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |