[opensource-dev] OpenID based logins?
Nicky Perian
nickyperian at yahoo.com
Thu Apr 21 18:12:35 PDT 2011
This email is a private and confidential communication. Any use of email may be
subject to the laws and regulations of the United States. You may not Repost,
Distribute nor reproduce any content of this message.
Shouldn't this trailer be dropped from your emails. Looks like you are posting
stuff to be shared and all traffic here is publicly archived.
________________________________
From: Brandon Husbands <xotmid at gmail.com>
To: Yoz Grahame <yoz at lindenlab.com>
Cc: opensource-dev <opensource-dev at lists.secondlife.com>
Sent: Thu, April 21, 2011 7:34:40 PM
Subject: Re: [opensource-dev] OpenID based logins?
The reason i ask is i recently setup a oauth / openid server that uses the
hmacone time pass alg. basically allows for you to use the google authenticator
app for 2 part authentication .
aka oath (not oauth);
basically i was thinking being able to use a authenticator for sl to further
protect the account.
http://code.google.com/p/google-authenticator/ has the phone apps.
heres the c# code;
public class HmacOneTimePassword
{
public const string DefaultAlgorithmName = "HMACSHA1";
public const int DefaultNumberOfDigits = 6;
private readonly HMAC hmac;
private readonly int numberOfDigits;
public HmacOneTimePassword(string secret)
: this(DefaultAlgorithmName, secret, DefaultNumberOfDigits)
{
}
public HmacOneTimePassword(string hmacAlgorithmName, string secret, int numberOfDigits)
{
this.hmac = HMAC.Create(hmacAlgorithmName);
this.hmac.Key = Encoding.ASCII.GetBytes(secret);
this.numberOfDigits = numberOfDigits;
}
public virtual byte[] GetHash(long iterationNumber)
{
byte[] text = new byte[8];
for (int i = text.Length - 1; i >= 0; i--)
{
text[i] = (byte)(iterationNumber & 0xff);
iterationNumber >>= 8;
}
return this.hmac.ComputeHash(text);
}
public virtual string GetPassword(long iterationNumber)
{
byte[] hash = this.GetHash(iterationNumber);
int offset = hash[hash.Length - 1] & 0xf;
int binary = ((hash[offset] & 0x7f) << 24) | ((hash[offset + 1] & 0xff) << 16) | ((hash[offset + 2] & 0xff) << 8) | (hash[offset + 3] & 0xff);
int otp = binary % (int)Math.Pow(10, this.numberOfDigits);
return otp.ToString(new string('0', this.numberOfDigits));
}
}
public class TimeOneTimePassword : HmacOneTimePassword
{
public const int DefaultTimeStepSeconds = 30;
public static readonly DateTime DefaultEpoch = DateTimeHelper.UnixEpoch;
private readonly DateTime epoch;
private readonly int timeStep;
public TimeOneTimePassword(string secret)
: this(DefaultAlgorithmName, secret, DefaultNumberOfDigits, DefaultEpoch, DefaultTimeStepSeconds)
{
}
public TimeOneTimePassword(string hmacAlgorithmName, string secret, int numberOfDigits, DateTime epoch, int timeStep)
: base(hmacAlgorithmName, secret, numberOfDigits)
{
this.epoch = epoch;
this.timeStep = timeStep;
}
public virtual string GetPassword()
{
return this.GetPassword(DateTime.UtcNow);
}
public virtual string GetPassword(DateTime iterationTime)
{
return base.GetPassword(this.GetIterationNumber(iterationTime));
}
public virtual long GetIterationNumber(DateTime iterationTime)
{
return (long)((iterationTime - this.epoch).TotalSeconds / this.timeStep);
}
}
public static class DateTimeHelper
{
/// <summary>
/// The base DateTime.
/// </summary>
public static readonly DateTime UnixEpoch = new DateTime(1970, 1, 1);
/// <summary>
/// Converts a unixtime into a DateTime.
/// </summary>
/// <param name="timestamp">The unixtime to convert.</param>
/// <returns>An equivalent datetime for the given unixtime.</returns>
public static DateTime FromUnixTime(double timestamp)
{
return UnixEpoch.AddSeconds(timestamp);
}
/// <summary>
/// Converts a DateTime to a unixtime.
/// </summary>
/// <param name="dateTime">The datetime to convert.</param>
/// <returns>An equivalent unixtime for the given datetime.</returns>
public static double ToUnixTime(DateTime dateTime)
{
TimeSpan timeSpan = dateTime - UnixEpoch;
return timeSpan.TotalSeconds;
}
/// <summary>
/// Returns the first day of the week for a given datetime.
/// </summary>
/// <param name="dateTime">The given datetime.</param>
/// <returns>The first day of the week.</returns>
public static DateTime FirstDayOfWeek(DateTime dateTime)
{
if (dateTime.DayOfWeek == DayOfWeek.Sunday)
{
dateTime = dateTime.AddDays(-7);
}
return dateTime.AddDays(-Convert.ToInt32(dateTime.DayOfWeek) + 1);
}
/// <summary>
/// Returns the last day of the week for a given datetime.
/// </summary>
/// <param name="dateTime">The given datetime.</param>
/// <returns>The last day of the week.</returns>
public static DateTime LastDayOfWeek(DateTime dateTime)
{
if (dateTime.DayOfWeek == DayOfWeek.Sunday)
{
dateTime = dateTime.AddDays(-7);
}
return new DateTime(dateTime.Year, dateTime.Month, dateTime.Day).AddDays(7 - Convert.ToInt32(dateTime.DayOfWeek));
}
/// <summary>
/// Returns the first day of the month of a given datetime.
/// </summary>
/// <param name="dateTime">The given datetime.</param>
/// <returns>The first day of the month.</returns>
public static DateTime FirstDayOfMonth(DateTime dateTime)
{
return new DateTime(dateTime.Year, dateTime.Month, 1);
}
/// <summary>
/// Returns the last day of the month for a given datetme.
/// </summary>
/// <param name="dateTime">The given datetime.</param>
/// <returns>The last day of the month.</returns>
public static DateTime LastDayOfMonth(DateTime dateTime)
{
return new DateTime(dateTime.Year, dateTime.Month, DateTime.DaysInMonth(dateTime.Year, dateTime.Month));
}
}
On Thu, Apr 21, 2011 at 6:34 PM, Yoz Grahame <yoz at lindenlab.com> wrote:
We've long thought about something like this, but it's currently low on the
priority list.
>
>For it to be really useful, it needs to work for viewer login; however, *that*
>needs web-triggered viewer login (as in, your authentication happens in an
>external browser window first, and then the viewer logs you straight in)
>otherwise you're forced to auth with your OpenID OP in the viewer window, and
>that's the classic Password Anti-Pattern*.
>
>
>Also, *if* we ever do this, we'd probably target Google and Facebook login
>first, though I *think* that Google Auth uses OpenID so we might get everything
>in one shot. (There's a multiple-orders-of-magnitude difference between those
>who'd use Google/Facebook auth and those who even know what OpenID is)
>
>In principle, I know of no reason why we wouldn't want this. We use OpenID and
>OAuth in various places already, and anything that makes it easier for people to
>authenticate securely is a Good Thing. However, we need to be convinced that
>there are major wins here before it can pushed up in the priorities.
>
>* http://www.designingsocialinterfaces.com/patterns/The_Password_Anti-Pattern
>
>
>On 21 April 2011 22:52, Brandon Husbands <xotmid at gmail.com> wrote:
>
>Any thoughts to being able to link your SL account to an open id identity
>server?
>>
>>--
>>-------------------------------------------------------------------------------------------------------------------------------
>>
>>This email is a private and confidential communication. Any use of email may be
>>subject to the laws and regulations of the United States. You may not Repost,
>>Distribute nor reproduce any content of this message.
>>-------------------------------------------------------------------------------------------------------------------------------
>>
>>-------------------------------------------------------------------------------------------------------------------------------
>>
>>
>>_______________________________________________
>>Policies and (un)subscribe information available here:
>>http://wiki.secondlife.com/wiki/OpenSource-Dev
>>Please read the policies before posting to keep unmoderated posting privileges
>>
>
--
-------------------------------------------------------------------------------------------------------------------------------
This email is a private and confidential communication. Any use of email may be
subject to the laws and regulations of the United States. You may not Repost,
Distribute nor reproduce any content of this message.
-------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/opensource-dev/attachments/20110421/27e30bb2/attachment-0001.htm
More information about the opensource-dev
mailing list