OTPClient: TOTP kyauta da mai sarrafa alamar HOTP tare da ginanniyar ɓoyewa

OTPClient: TOTP kyauta da mai sarrafa alamar HOTP tare da ginanniyar ɓoyewa

A farkon shekara, mun yi babban bugu mai alaƙa da taken Tsaro na bayanin. More musamman a kan batun amfani da 2FA fasaha, wanda aka fi sani da Mutanen Espanya, kamar "Factor Tantancewa Biyu" o "Tantance abubuwa biyu". Da kuma yadda ake shigar da aikace-aikacen da ake kira Google Authenticator da Twilio Auth, ta amfani da aikace-aikacen hoto da ake kira GNOME software. Yayin da a yau, za mu bincika kira na kyauta da buɗaɗɗe "OTPClient".

wanda bai wuce a Aikace-aikacen GTK+ don sarrafa TOTP da alamun HOTP tare da ginanniyar ɓoyewa, wato, don sarrafa tantance abubuwa biyu, mai goyan bayan duka biyun Kalmomin sirri na lokaci guda (TOTP), ta yaya Kalmomin sirri na tushen HMAC (HOTP).

2FA akan Linux: Yadda ake shigar da Google Authenticator da Twilio Authy?

Kuma kamar yadda aka saba, kafin shiga cikin batun yau game da aikace-aikacen "OTPClient", kuma mafi musamman akan Akwai sigar "2.4.9.1" akwai a tsarin flatpak, za mu bar wa masu sha'awar hanyoyin haɗin zuwa wasu abubuwan da suka danganci baya. Ta yadda za su iya gano su cikin sauƙi, idan ya cancanta, bayan kammala karatun wannan littafin:

"Fasahar “2FA”, wacce aka fi sani da Mutanen Espanya a matsayin “Tabbatar Faɗakarwa Biyu” ko “Tabbatar Faɗakarwa Biyu”, kyakkyawar hanyar kariya ce, tunda tana aiwatar da ƙarin tabbatarwa guda ɗaya a cikin ayyukanmu. Kuma don amfani da wannan fasaha, akwai apps da yawa kamar Google Authenticator da Twilio Authy. Wanne, anan zamu ga yadda ake shigar dasu akan GNU/Linux". 2FA akan Linux: Yadda ake shigar da Google Authenticator da Twilio Authy?

Labari mai dangantaka:

Google zai ba da damar tantance abubuwa biyu ta tsohuwa ga kowa

Labari mai dangantaka:

Google yana aiki akan sabon fasalin izini na 2FA wanda zai dogara akan QR

OTPClient: Software na GTK+ don Tabbacin Factor Biyu

Menene OTPClient?

A cewar masu haɓaka ta, a cikin ta official website akan GitHub, an bayyana shi a takaice kamar haka:

"Abokin ciniki ne na OTP da aka rubuta a cikin C/GTK, wanda ke tallafawa duka TOTP da HOTP. Don haka, yana da aminci sosai kuma yana da sauƙin amfani don tantance abubuwa biyu, yana goyan bayan kalmomin sirri na lokaci ɗaya (TOTP) da kalmomin shiga na lokaci ɗaya na tushen HMAC (HOTP).".

Duk da yake, a cikin gidan yanar gizon hukuma akan FlatHub, bayyana shi a fili kamar haka:

"Abu ne mai sauƙi don amfani da aikace-aikacen GTK don sarrafa amintattun alamun TOTP da HOTP. A ciki, an ɓoye abun ciki akan faifai ta amfani da AES256-GCM kuma ana samun babban kalmar sirri ta amfani da PBKDF2 tare da 100k iterations da SHA512 azaman algorithm hash. Har ila yau, yana ba da damar shigo da / fitarwa daga / zuwa OTP, da kuma shigo da madogara daga Authenticator+ app.".

Ayyukan

A halin yanzu, wasu daga cikinsu mafi fice fasali Su ne:

1. Goyan bayan saitin lambobi na al'ada (tsakanin 4 da 10 m).
2. Yana ba ku damar saita lokacin al'ada (tsakanin daƙiƙa 10 zuwa 120 wanda ya haɗa).
3. An rufaffen bayanan gida tare da AES256-GCM.
4. Ana samun maɓalli ta amfani da PBKDF2 tare da SHA512 da 100k maimaitawa.
5. Fayil ɗin da aka ɓoye ba a taɓa ajiyewa ba (kuma da fatan ba a taɓa musanya shi ba) zuwa faifai.
6. Abubuwan da aka ruɓe suna zaune a cikin "amintaccen ƙwaƙwalwar ajiya" wanda Gcrypt ya keɓe.
7. Ya haɗa da tallafi don duka TOTP da HOTP; SHA1, SHA256 da SHA512 goyon bayan algorithm; da goyan bayan lambobin Steam.
8. Yana ba ku damar shigo da rufaffen kwafin madadin na Authenticator Plus; shigo da fitarwa ɓoyayye da/ko masu sauƙi da OTP madadin; shigo da fitar da albarkatun tallafi na FreeOTPPlus (a cikin maɓalli na URI kawai); da shigo da fitarwa da albarkatun Aegis madadin (tsarin json kawai).

Binciken app

Kafin fara bitar wannan aikace-aikacen, yana da kyau a lura cewa za a gwada shi a kan Sake kunnawa da ake kira MiracleOS 3.0 MX-NG-22.01 dangane da MX-21 (Debian-11) da XFCE da kuma cewa mun bincika kwanan nan a nan.

Zazzagewa da Shigarwa

Don naka zazzage kuma shigar mun aiwatar da haka Umurnin umarni a cikin tasha (console), kamar yadda aka nuna a kasa:

«sudo flatpak install flathub com.github.paolostivanin.OTPClient»

Kisa da bincike

Da zarar an shigar, za mu iya farawa kuma mu bincika shi, kamar yadda aka nuna a ƙasa:

Don ƙarin bayani akan "OTPClient", zaku iya bincika hanyoyin haɗin yanar gizo masu zuwa:

• Kunshin Debian
• Madadin Zuwa / Buɗe Tushen
• GitHub / Wiki / Manual mai amfani

Tsaya

A taƙaice, muna fatan wannan jagorar ko koyaswar don shigar da "OTPClient", installing da latest version samuwa ta hanyar da Manajan kunshin Flatpak, zama mai amfani sosai ga mutane da yawa, musamman waɗanda ke buƙatar samun dama ga mahimman aikace-aikacen kan layi da ayyuka, ta hanyar tabbaci biyu, sosai Kalmomin sirri na lokaci guda (TOTP), ta yaya Kalmomin sirri na tushen HMAC (HOTP).

Muna fatan wannan littafin yana da amfani sosai ga gaba ɗaya «Comunidad de Software Libre, Código Abierto y GNU/Linux». Kuma kar ku manta da yin tsokaci game da shi a ƙasa, kuma ku raba shi tare da wasu akan shafukan yanar gizon da kuka fi so, tashoshi, kungiyoyi ko al'ummomin cibiyoyin sadarwar jama'a ko tsarin saƙo. A ƙarshe, ziyarci shafinmu a «DesdeLinux» don bincika ƙarin labarai, da shiga tashar tashar mu ta hukuma Telegram na DesdeLinux.