
Ruby で覚える TOTP (Learning TOTP with Ruby)


Slides presented at "IIJ Technical NIGHT 2016 Summer ~ Let's use "multi-factor authentication" more ~" ( https://atnd.org/events/77087 ).


  1. Ruby で覚える TOTP (Learning TOTP with Ruby)
  2. • Ruby • IIJ SmartKey*1 (iOS) *1 "IIJ SmartKey". http://www.iij.ad.jp/smartkey/
  3. passwordd (iOS) • http://hioki-daichi.jp/passwordd.html • https://github.com/hioki-daichi/passwordd
  4. otpauth://totp/github.com/hioki-daichi?issuer=GitHub&secret=njjlrjgljcebmj6l
  5. otpauth://totp/github.com/hioki-daichi?issuer=GitHub&secret=njjlrjgljcebmj6l
  6. The secret njjlrjgljcebmj6l produces a new 6-digit code every 30 seconds: 165853, 372144, 770782, ...
  7. Let's compute one in Ruby ✨
  8. require 'openssl'
     require 'base32'   # stesla/base32 gem

     hmac = OpenSSL::HMAC.digest(
       OpenSSL::Digest.new('sha1'),
       Base32.decode('NJJLRJGLJCEBMJ6L'),                 # the Base32 secret from the otpauth URI
       [Time.now.to_i / 30].pack('N*').rjust(8, 0.chr)    # time step (30 s) as an 8-byte big-endian counter
     )
     #=> "n\xEA\xD6\xBF\xFB\xA1\xA6\xB2\x128\x1A\xB0\x8D\x1DR\xD4\x8F\xE6\xD5\xAE"
     hmac.unpack('H*').first
     #=> "6eead6bffba1a6b212381ab08d1d52d48fe6d5ae"
     -------------------------------------------------------------
     |6e|ea|d6|bf|fb|a1|a6|b2|12|38|1a|b0|8d|1d|52|d4|8f|e6|d5|ae|
     -------------------------------------------------------------
  9. # dynamic truncation (RFC 4226 section 5.3): the low nibble of the last byte
     # selects a 4-byte window; its top bit is cleared and the low 6 digits are kept
     offset = hmac[-1].ord & 0xf
     code = (hmac[offset].ord     & 0x7f) << 24 |
            (hmac[offset + 1].ord & 0xff) << 16 |
            (hmac[offset + 2].ord & 0xff) << 8  |
            (hmac[offset + 3].ord & 0xff)
     (code % 10 ** 6).to_s.rjust(6, '0')
     #=> "662182"
     -------------------------------------------------------------
     |6e|ea|d6|bf|fb|a1|a6|b2|12|38|1a|b0|8d|1d|52|d4|8f|e6|d5|ae|
     -------------------------------------------***********----++|
     0xae & 0xf   #=> 14          (last byte -> offset)
     0x52d48fe6   #=> 1389662182  (4 bytes at offset 14)
                         ~~~~~~   (low 6 decimal digits)
  10. otpauth://totp/github.com/hioki-daichi?issuer=GitHub&secret=njjlrjgljcebmj6l
  11. otpauth://totp/github.com/hioki-daichi?issuer=GitHub&secret=njjlrjgljcebmj6l&algorithm=SHA256&digits=8&period=10
  12. Key Uri Format*2 *2 "Key Uri Format · google/google-authenticator Wiki". GitHub. https://github.com/google/google-authenticator/wiki/Key-Uri-Format
  13. Type REQUIRED otpauth://totp/ACME%20Co:john.doe@email.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30 • totp / hotp
  14. Label REQUIRED otpauth://totp/ACME%20Co:john.doe@email.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30 • names the account the secret belongs to • "#{issuer}:#{accountname}"
  15. Secret REQUIRED otpauth://totp/ACME%20Co:john.doe@email.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30 • an arbitrary key: at least 128 bits, 160 bits recommended (RFC 4226) • Base32 encoded; stesla/base32*3 decodes it *3 "stesla/base32: A library which provides base32 decoding and encoding." GitHub. https://github.com/stesla/base32
  16. Issuer STRONGLY RECOMMENDED otpauth://totp/ACME%20Co:john.doe@email.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30 • as the Label prefix • and as a parameter; when both are present they should be equal
  17. Algorithm OPTIONAL otpauth://totp/ACME%20Co:john.doe@email.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30 • SHA1 (default) / SHA256 / SHA512
  18. Digits OPTIONAL otpauth://totp/ACME%20Co:john.doe@email.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30 • 6 (default) / 8 • 6 digits means code % 10 ** 6
  19. Period OPTIONAL otpauth://totp/ACME%20Co:john.doe@email.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30 • 30 seconds (default)
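An added Ruby example (not the slides' code, and not from rotp or google-authenticator) that builds and parses otpauth:// URIs following the parameter rules on slides 13 to 19: a fresh 160-bit secret from SecureRandom, Base32 without padding, the "issuer:account" label, and the checks a client should make when it scans one (type, Base32 secret, issuer prefix agreeing with the issuer parameter, algorithm in the SHA1/SHA256/SHA512 set, digits 6 or 8, positive period, counter for hotp). The helper names and the hash layout returned are my own choices.

```ruby
require 'securerandom'

# Added example: build/parse otpauth:// Key URIs. Names are my own.
OTP_BASE32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'.freeze
OTP_ALGORITHMS = %w[SHA1 SHA256 SHA512].freeze

# RFC 4648 Base32 without '=' padding, which is what authenticator apps expect.
def base32_encode(bytes)
  bits = bytes.unpack1('B*')
  bits << '0' * ((5 - bits.size % 5) % 5)
  bits.scan(/.{5}/).map { |chunk| OTP_BASE32[chunk.to_i(2)] }.join
end

# 20 random bytes = 160 bits (the RFC 4226 recommendation) from the OS CSPRNG.
def generate_secret(bytes = 20)
  base32_encode(SecureRandom.random_bytes(bytes))
end

# Percent-encode like the Key Uri examples: space -> %20, ':' and '@' kept.
def pct_encode(str)
  str.gsub(/[^A-Za-z0-9\-._~:@]/) { |c| c.bytes.map { |b| format('%%%02X', b) }.join }
end

def pct_decode(str)
  str.b.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }.force_encoding('UTF-8')
end

def build_otpauth(issuer:, account:, secret:, algorithm: 'SHA1', digits: 6, period: 30)
  params = { 'secret' => secret, 'issuer' => issuer, 'algorithm' => algorithm,
             'digits' => digits, 'period' => period }
  query = params.map { |k, v| "#{k}=#{pct_encode(v.to_s)}" }.join('&')
  "otpauth://totp/#{pct_encode("#{issuer}:#{account}")}?#{query}"
end

# Parse and validate; raises ArgumentError on anything the spec does not allow.
def parse_otpauth(uri)
  m = uri.match(%r{\Aotpauth://(totp|hotp)/([^?]*)(?:\?(.*))?\z}) or
    raise ArgumentError, 'not an otpauth:// URI'
  type, raw_label, query = m[1], m[2], m[3].to_s
  params = query.split('&').each_with_object({}) do |pair, h|
    k, v = pair.split('=', 2)
    h[k] = pct_decode(v.to_s.tr('+', ' '))   # rotp emits '+', Google emits %20
  end
  label = pct_decode(raw_label)
  label_issuer, account = label.include?(':') ? label.split(':', 2) : [nil, label]
  if label_issuer && params['issuer'] && label_issuer != params['issuer']
    raise ArgumentError, 'issuer prefix and issuer parameter disagree'
  end
  issuer = params['issuer'] || label_issuer
  secret = params.fetch('secret') { raise ArgumentError, 'secret is required' }
  secret = secret.upcase.delete('=')
  raise ArgumentError, 'secret is not Base32' unless secret.match?(/\A[A-Z2-7]+\z/)
  algorithm = (params['algorithm'] || 'SHA1').upcase
  raise ArgumentError, "unsupported algorithm #{algorithm}" unless OTP_ALGORITHMS.include?(algorithm)
  digits = Integer(params['digits'] || 6)
  raise ArgumentError, 'digits must be 6 or 8' unless [6, 8].include?(digits)
  period = Integer(params['period'] || 30)
  raise ArgumentError, 'period must be positive' unless period.positive?
  counter = type == 'hotp' ? Integer(params.fetch('counter') { raise ArgumentError, 'hotp needs counter' }) : nil
  { type: type, issuer: issuer, account: account.strip, secret: secret,
    algorithm: algorithm, digits: digits, period: period, counter: counter }
end
```

Keep the secret the server stores and the one in the URI identical: the URI is shown once (usually as a QR code) and then discarded, so anything that ends up in logs or analytics should be the URI-less enrolment page, not this string.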
  20. HOTP is the counter-based OTP (RFC 4226) that TOTP is built on.
  21. There is a gem for this!
  22. mdp/rotp*4
      totp = ROTP::TOTP.new(
        "BASE32SECRET3232",
        interval: 60,
        issuer: "ACME Co",
        digits: 8,
        digest: "sha256"
      )
      #=> #<ROTP::TOTP:0x007fde9244c028
      #     @interval=60, @issuer="ACME Co",
      #     @digits=8, @digest="sha256",
      #     @secret="BASE32SECRET3232">
      *4 "mdp/rotp: Ruby One Time Password library". GitHub. https://github.com/mdp/rotp
  23. mdp/rotp*4
      totp.now
      #=> "24430035"
      totp.provisioning_uri("john.doe@email.com")
      #=> "otpauth://totp/
      #     ACME%20Co:john.doe@email.com
      #     ?secret=BASE32SECRET3232
      #     &period=60
      #     &issuer=ACME+Co&digits=8"
      *4 "mdp/rotp: Ruby One Time Password library". GitHub. https://github.com/mdp/rotp
  24. mdp/rotp*4
      totp.verify("24430035")                  #=> false   (the 60 s step has already moved on)
      totp.verify_with_drift("24430035", 10)   #=> true    (accept codes within 10 s of drift)
      Note: this is the rotp 3.x API; rotp 4 removed verify_with_drift in favour of verify(code, drift_behind:, drift_ahead:), which returns the matched timestamp or nil.
      *4 "mdp/rotp: Ruby One Time Password library". GitHub. https://github.com/mdp/rotp
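The HMAC and dynamic-truncation steps from slides 8 and 9 and the verify / verify_with_drift calls from slides 22 to 24, pulled together into one runnable Ruby example. This is an added example, not the slides' code and not rotp's; it needs only OpenSSL from the standard library (the Base32 decoder is inlined so the stesla/base32 gem is not required), and it checks itself against the RFC 4226 / RFC 6238 test vectors and the HMAC bytes shown on slide 8. The function names, the constant-time compare and the last_step replay guard are my own additions.

```ruby
require 'openssl'

# Added example: HOTP (RFC 4226), TOTP (RFC 6238) and a server-side check.
OTP_BASE32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'.freeze

# RFC 4648 Base32 decode, case-insensitive, '=' padding ignored.
def base32_decode(str)
  bits = str.upcase.delete('=').each_char.map do |c|
    i = OTP_BASE32.index(c) or raise ArgumentError, "bad Base32 char #{c.inspect}"
    i.to_s(2).rjust(5, '0')
  end.join
  bits[0, bits.size - bits.size % 8].scan(/.{8}/).map { |b| b.to_i(2) }.pack('C*')
end

# RFC 4226 section 5.3: the low nibble of the last HMAC byte picks a 4-byte
# window; clear its top bit and keep the low `digits` decimal digits.
def dynamic_truncate(hmac, digits)
  offset = hmac[-1].ord & 0x0f
  code = (hmac[offset].ord & 0x7f) << 24 |
         (hmac[offset + 1].ord & 0xff) << 16 |
         (hmac[offset + 2].ord & 0xff) << 8 |
         (hmac[offset + 3].ord & 0xff)
  (code % 10**digits).to_s.rjust(digits, '0')
end

# HOTP: HMAC over the counter as 8 big-endian bytes. pack('N2') rather than the
# slides' rjust(8, 0.chr) so counters above 2**32 also serialize correctly.
def hotp(key, counter, digits: 6, algorithm: 'sha1')
  msg = [counter >> 32, counter & 0xffffffff].pack('N2')
  dynamic_truncate(OpenSSL::HMAC.digest(OpenSSL::Digest.new(algorithm), key, msg), digits)
end

# TOTP is HOTP with counter = floor(unix_time / period).
def totp(key, time: Time.now.to_i, period: 30, digits: 6, algorithm: 'sha1')
  hotp(key, time / period, digits: digits, algorithm: algorithm)
end

# Constant-time compare so the check does not leak which digit was wrong.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server-side verify: accept the current step and +/- `drift` neighbours (clock
# skew, like rotp's verify_with_drift) but never a step at or before `last_step`,
# so a code captured in transit cannot be replayed inside the window.
# Returns the matched step (persist it as the user's new last_step) or nil.
def verify_totp(key, code, last_step: -1, drift: 1, time: Time.now.to_i,
                period: 30, digits: 6, algorithm: 'sha1')
  step = time / period
  (-drift..drift).each do |d|
    candidate = step + d
    next if candidate <= last_step
    expected = hotp(key, candidate, digits: digits, algorithm: algorithm)
    return candidate if secure_compare(expected, code)
  end
  nil
end
```

The replay guard matters more than the drift window: with drift of one step a code stays valid for up to 90 seconds, and a verifier that only answers true/false (as the slide's verify_with_drift does) will happily accept the same code twice in that time.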
  25. TOTP
  26. • e.g. SMS
  27. SMS
  28. QR code • UI
  29.
  30. Generating the secret • use SecureRandom
  31. IIJ SmartKey*5 *5 "IIJ SmartKey". http://www.iij.ad.jp/biz/smartkey-m/
  32. ②
      $ curl $API_ENDPOINT/apps/$APP_ID/accounts/$ACCOUNT_ID/notifications \
          -X POST \
          -H 'Content-Type: application/json' \
          -H "X-Iij-Smart-Key-Api-Key: $API_KEY" \
          -d '{
                "title": "GitHub",
                "message": "GitHub",
                "push_notification_title": "",
                "push_notification_message": ""
              }'
      (the API key header must be double-quoted so the shell expands $API_KEY)
  33. ⑥
      $ curl $API_ENDPOINT/apps/$APP_ID/accounts/$ACCOUNT_ID/notifications ...
      {
        "key": "b89609af119c3a94fb05b60c15bb8807",
        "account_code": "728f190fa43069c449411ecef22b550cd0a1edbf",
        "title": "GitHub",
        "message": "GitHub",
        "status": "verified",
        "notified_at": "2016-06-16T00:00:00.000+09:00"
      }
  34. References
      • RFC 6238 TOTP: Time-Based One-Time Password Algorithm. https://tools.ietf.org/html/rfc6238
      • RFC 4226 HOTP: An HMAC-Based One-Time Password Algorithm. https://tools.ietf.org/html/rfc4226
      • RFC 2104 HMAC: Keyed-Hashing for Message Authentication. https://tools.ietf.org/html/rfc2104
      • RFC 4648 The Base16, Base32, and Base64 Data Encodings. https://tools.ietf.org/html/rfc4648
