{"id":21147906,"url":"https://github.com/thinkalexandria/boringauth","last_synced_at":"2025-07-09T07:33:23.279Z","repository":{"id":57522857,"uuid":"93332395","full_name":"ThinkAlexandria/BoringAuth","owner":"ThinkAlexandria","description":"Straightforward password, passphrase, TOTP, and HOTP user authentication","archived":false,"fork":false,"pushed_at":"2019-10-11T15:08:57.000Z","size":218,"stargazers_count":57,"open_issues_count":3,"forks_count":10,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-11-07T23:57:20.007Z","etag":null,"topics":["2fa","2factor","hotp","oath","password-store","security"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ThinkAlexandria.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-06-04T18:11:48.000Z","updated_at":"2024-10-23T12:15:22.000Z","dependencies_parsed_at":"2022-08-28T08:11:50.097Z","dependency_job_id":null,"html_url":"https://github.com/ThinkAlexandria/BoringAuth","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThinkAlexandria%2FBoringAuth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThinkAlexandria%2FBoringAuth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThinkAlexandria%2FBoringAuth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThinkAlexandria%2FBoringAuth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ThinkAlexandria","download_url":"https://codeload.github.com/ThinkAlexandria/BoringAuth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225507928,"owners_count":17483515,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["2fa","2factor","hotp","oath","password-store","security"],"created_at":"2024-11-20T09:19:12.089Z","updated_at":"2024-11-20T09:19:12.774Z","avatar_url":"https://github.com/ThinkAlexandria.png","language":"Rust","readme":"# BoringAuth\n\n[![Build Status](https://api.travis-ci.org/ThinkAlexandria/boringauth.svg?branch=master)](https://travis-ci.org/breard-r/boringauth)\n[![BoringAuth on crates.io](https://img.shields.io/crates/v/boringauth.svg)](https://crates.io/crates/boringauth)\n\nBoringAuth is a collection of tools for user authentication. BoringAuth is a fork\nof [LibreAuth](https://github.com/breard-r/libreauth) that chooses to use the\nactively developed **ring** crypto crate over the dead **rust-crypto** crate for\nits crypto primitives.\n\n\nRing compatibility chart.\n\n| BoringAuth | Ring |\n| ------ | ------ |\n| v0.6.4 | 0.12 |\n| v0.7.0 | 0.13 |\n\n## Features\n\n- Password / passphrase authentication\n  - [x] no character-set limitation\n  - [x] reasonable lenth limit ([security vs. DOS](http://arstechnica.com/security/2013/09/long-passwords-are-good-but-too-much-length-can-be-bad-for-security/))\n  - [x] strong, evolutive and retro-compatible password derivation functions\n  - [x] crypt() compatibility\n- HOTP - HMAC-based One-time Password Algorithm ([OATH](http://www.openauthentication.org/) - [RFC 4226](https://tools.ietf.org/html/rfc4226))\n  - [x] the key can be passed as bytes, an ASCII string, an hexadicimal string or a base32 string\n  - [x] customizable counter\n  - [x] customizable hash function (sha1, sha256, sha512)\n  - [x] customizable output length\n  - [x] customizable output alphabet\n- TOTP - Time-based One-time Password Algorithm ([OATH](http://www.openauthentication.org/) - [RFC 6238](https://tools.ietf.org/html/rfc6238))\n  - [x] the key can be passed as bytes, an ASCII string, an hexadicimal string or a base32 string\n  - [x] customizable timestamp\n  - [x] customizable period\n  - [x] customizable initial time (T0)\n  - [x] customizable hash function (sha1, sha256, sha512)\n  - [x] customizable output length\n  - [x] customizable output alphabet\n  - [x] customizable positive and negative period tolerance\n- YubiKey OTP ([Yubico](https://developers.yubico.com/OTP/))\n  - [ ] virtual device API\n  - [ ] client API\n  - [ ] server API\n- U2F - Universal 2nd Factor ([FIDO Alliance](https://fidoalliance.org/specifications/download/))\n  - [ ] virtual device API\n  - [ ] client API\n  - [ ] server API\n\n\n## Using within a Rust project\n\nYou can find BoringAuth on [crates.io](https://crates.io/crates/boringauth) and include it in your `Cargo.toml`:\n\n```toml\nboringauth = \"*\"\n```\n\n\n## Using outside Rust\n\nIn order to build BoringAuth, you will need both the [rust compiler](https://github.com/rust-lang/rust) and [cargo](https://github.com/rust-lang/cargo).\n\n```ShellSession\n$ git clone https://github.com/ThinkAlexandria/boringauth.git\n$ cd boringauth\n$ make\n$ make install prefix=/usr\n```\n\n\n## Quick examples\n\n\n### Rust\n\n\n```rust\nextern crate boringauth;\nuse boringauth::oath::TOTPBuilder;\n\nlet key = \"GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ\".to_string();\nlet code = TOTPBuilder::new()\n    .base32_key(\u0026key)\n    .finalize()\n    .unwrap()\n    .generate();\nassert_eq!(code.len(), 6);\n```\n\n### C\n\n```C\n#include \u003cstdio.h\u003e\n#include \u003cboringauth.h\u003e\n\nint main(void) {\n  struct boringauth_totp_cfg cfg;\n  char   code[7], key[] = \"12345678901234567890\";\n\n  if (boringauth_totp_init(\u0026cfg) != LIBREAUTH_OTP_SUCCESS) {\n    return 1;\n  }\n  cfg.key = key;\n  cfg.key_len = sizeof(key);\n  if (boringauth_totp_generate(\u0026cfg, code) != LIBREAUTH_OTP_SUCCESS) {\n    return 2;\n  }\n\n  printf(\"%s\\n\", code);\n\n  return 0;\n}\n```\n\n```ShellSession\n$ cc -o totp totp.c -lboringauth\n$ ./totp\n848085\n```\n\n### Python\n\n```Python\nfrom ctypes.util import find_library\nfrom struct import Struct\nfrom ctypes import *\n\nclass TOTPcfg(Structure):\n    _fields_ = [\n        ('key', c_char_p),\n        ('key_len', c_size_t),\n        ('timestamp', c_longlong),\n        ('period', c_uint),\n        ('initial_time', c_ulonglong),\n        ('output_len', c_size_t),\n        ('output_base', c_char_p),\n        ('output_base_len', c_size_t),\n        ('hash_function', c_int),\n    ]\n\ndef get_totp():\n    key = b'12345678901234567890'\n    lib_path = find_library('boringauth') or 'target/release/libboringauth.so'\n    lib = cdll.LoadLibrary(lib_path)\n    cfg = TOTPcfg()\n    if lib.boringauth_totp_init(byref(cfg)) != 0:\n        return\n    cfg.key_len = len(key)\n    cfg.key = c_char_p(key)\n    code = create_string_buffer(b'\\000' * cfg.output_len)\n    if lib.boringauth_totp_generate(byref(cfg), code) != 0:\n        return\n    return str(code.value, encoding=\"utf-8\")\n\nif __name__ == '__main__':\n    code = get_totp()\n    print('{}'.format(code))\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthinkalexandria%2Fboringauth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthinkalexandria%2Fboringauth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthinkalexandria%2Fboringauth/lists"}