The reason i ask is i recently setup a oauth / openid server that uses the hmacone time pass alg. basically allows for you to use the google authenticator app for 2 part authentication . aka oath (not oauth);
basically i was thinking being able to use a authenticator for sl to further protect the account. http://code.google.com/p/google-authenticator/ has the phone apps. heres the c# code; public class HmacOneTimePassword { public const string DefaultAlgorithmName = "HMACSHA1"; public const int DefaultNumberOfDigits = 6; private readonly HMAC hmac; private readonly int numberOfDigits; public HmacOneTimePassword(string secret) : this(DefaultAlgorithmName, secret, DefaultNumberOfDigits) { } public HmacOneTimePassword(string hmacAlgorithmName, string secret, int numberOfDigits) { this.hmac = HMAC.Create(hmacAlgorithmName); this.hmac.Key = Encoding.ASCII.GetBytes(secret); this.numberOfDigits = numberOfDigits; } public virtual byte[] GetHash(long iterationNumber) { byte[] text = new byte[8]; for (int i = text.Length - 1; i >= 0; i--) { text[i] = (byte)(iterationNumber & 0xff); iterationNumber >>= 8; } return this.hmac.ComputeHash(text); } public virtual string GetPassword(long iterationNumber) { byte[] hash = this.GetHash(iterationNumber); int offset = hash[hash.Length - 1] & 0xf; int binary = ((hash[offset] & 0x7f) << 24) | ((hash[offset + 1] & 0xff) << 16) | ((hash[offset + 2] & 0xff) << 8) | (hash[offset + 3] & 0xff); int otp = binary % (int)Math.Pow(10, this.numberOfDigits); return otp.ToString(new string('0', this.numberOfDigits)); } } public class TimeOneTimePassword : HmacOneTimePassword { public const int DefaultTimeStepSeconds = 30; public static readonly DateTime DefaultEpoch = DateTimeHelper.UnixEpoch; private readonly DateTime epoch; private readonly int timeStep; public TimeOneTimePassword(string secret) : this(DefaultAlgorithmName, secret, DefaultNumberOfDigits, DefaultEpoch, DefaultTimeStepSeconds) { } public TimeOneTimePassword(string hmacAlgorithmName, string secret, int numberOfDigits, DateTime epoch, int timeStep) : base(hmacAlgorithmName, secret, numberOfDigits) { this.epoch = epoch; this.timeStep = timeStep; } public virtual string GetPassword() { return this.GetPassword(DateTime.UtcNow); } public virtual string GetPassword(DateTime iterationTime) { return base.GetPassword(this.GetIterationNumber(iterationTime)); } public virtual long GetIterationNumber(DateTime iterationTime) { return (long)((iterationTime - this.epoch).TotalSeconds / this.timeStep); } } public static class DateTimeHelper { /// <summary> /// The base DateTime. /// </summary> public static readonly DateTime UnixEpoch = new DateTime(1970, 1, 1); /// <summary> /// Converts a unixtime into a DateTime. /// </summary> /// <param name="timestamp">The unixtime to convert.</param> /// <returns>An equivalent datetime for the given unixtime.</returns> public static DateTime FromUnixTime(double timestamp) { return UnixEpoch.AddSeconds(timestamp); } /// <summary> /// Converts a DateTime to a unixtime. /// </summary> /// <param name="dateTime">The datetime to convert.</param> /// <returns>An equivalent unixtime for the given datetime.</returns> public static double ToUnixTime(DateTime dateTime) { TimeSpan timeSpan = dateTime - UnixEpoch; return timeSpan.TotalSeconds; } /// <summary> /// Returns the first day of the week for a given datetime. /// </summary> /// <param name="dateTime">The given datetime.</param> /// <returns>The first day of the week.</returns> public static DateTime FirstDayOfWeek(DateTime dateTime) { if (dateTime.DayOfWeek == DayOfWeek.Sunday) { dateTime = dateTime.AddDays(-7); } return dateTime.AddDays(-Convert.ToInt32(dateTime.DayOfWeek) + 1); } /// <summary> /// Returns the last day of the week for a given datetime. /// </summary> /// <param name="dateTime">The given datetime.</param> /// <returns>The last day of the week.</returns> public static DateTime LastDayOfWeek(DateTime dateTime) { if (dateTime.DayOfWeek == DayOfWeek.Sunday) { dateTime = dateTime.AddDays(-7); } return new DateTime(dateTime.Year, dateTime.Month, dateTime.Day).AddDays(7 - Convert.ToInt32(dateTime.DayOfWeek)); } /// <summary> /// Returns the first day of the month of a given datetime. /// </summary> /// <param name="dateTime">The given datetime.</param> /// <returns>The first day of the month.</returns> public static DateTime FirstDayOfMonth(DateTime dateTime) { return new DateTime(dateTime.Year, dateTime.Month, 1); } /// <summary> /// Returns the last day of the month for a given datetme. /// </summary> /// <param name="dateTime">The given datetime.</param> /// <returns>The last day of the month.</returns> public static DateTime LastDayOfMonth(DateTime dateTime) { return new DateTime(dateTime.Year, dateTime.Month, DateTime.DaysInMonth(dateTime.Year, dateTime.Month)); } } On Thu, Apr 21, 2011 at 6:34 PM, Yoz Grahame <y...@lindenlab.com> wrote: > We've long thought about something like this, but it's currently low on the > priority list. > > For it to be really useful, it needs to work for viewer login; however, > *that* needs web-triggered viewer login (as in, your authentication happens > in an external browser window first, and then the viewer logs you straight > in) otherwise you're forced to auth with your OpenID OP in the viewer > window, and that's the classic Password Anti-Pattern*. > > Also, *if* we ever do this, we'd probably target Google and Facebook login > first, though I *think* that Google Auth uses OpenID so we might get > everything in one shot. (There's a multiple-orders-of-magnitude difference > between those who'd use Google/Facebook auth and those who even know what > OpenID is) > > In principle, I know of no reason why we wouldn't want this. We use OpenID > and OAuth in various places already, and anything that makes it easier for > people to authenticate securely is a Good Thing. However, we need to be > convinced that there are major wins here before it can pushed up in the > priorities. > > * > http://www.designingsocialinterfaces.com/patterns/The_Password_Anti-Pattern > > On 21 April 2011 22:52, Brandon Husbands <xot...@gmail.com> wrote: > >> Any thoughts to being able to link your SL account to an open id identity >> server? >> >> -- >> >> ------------------------------------------------------------------------------------------------------------------------------- >> This email is a private and confidential communication. Any use of email >> may be subject to the laws and regulations of the United States. You may not >> Repost, Distribute nor reproduce any content of this message. >> >> ------------------------------------------------------------------------------------------------------------------------------- >> >> ------------------------------------------------------------------------------------------------------------------------------- >> >> _______________________________________________ >> Policies and (un)subscribe information available here: >> http://wiki.secondlife.com/wiki/OpenSource-Dev >> Please read the policies before posting to keep unmoderated posting >> privileges >> > > -- ------------------------------------------------------------------------------------------------------------------------------- This email is a private and confidential communication. Any use of email may be subject to the laws and regulations of the United States. You may not Repost, Distribute nor reproduce any content of this message. ------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------------------------
_______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
