This time on Hak5, Shannon checks out Authy - the Open Source Cross Platform 2-Factor Authentication system. Then, Darren shows off a fan-submitted Open Source Online USB Rubber Ducky encoder using Ruby on Rails. Thanks Trey! All that and more, this time on Hak5!
Open Source RoR Duck Encoder
Open Source USB Rubber Ducky Web Encoder by Trey
apt-get install curl
\curl -sSL https://get.rvm.io | bash -s stable --rails
git clone https://github.com/tresacton/DuckEncoder.git
gem install turbolinks -v '2.5.2'
gem install execjs
gem install therubyracer
sudo apt-get install nodejs
rails s -p 8000
Authy is open source, available for iOS, Android, Mac, Linux, Windows, and Blackberry operating systems and mobile phones. It allows you to use two-factor authentication on all your devices in an easy and "fun" way.
Setup on phone: Asks for cell phone number and email. It'll verify via phone call or text with a PIN code you type in, then you can add accounts. When you first add an account, it'll ask you if you want to store encrypted copy of your accts, so upgrading or losing phone, you can restore them. From there, simply start adding accounts that allow code generator authentication apps.
Authy App, w/ secure cloud backups, can use on multiple devices, offline generation, supports many major sites (Facebook, Dropbox, Amazon, Gmail, etc), can protect Bitcoins.
Supports 256 bit keys, HOTP, and HMAC RFC 4426, can also do Bluetooth login if your computer supports Bluetooth.
Chrome extension still requires you to HAVE YOUR PHONE to set it up, something you know and something you have - after that you can access 2FA on your computer, no need for phone.
Devs: API is open source on github. so you can add Authy to your own sites.
Please watch: "Bash Bunny Primer - Hak5 2225"