My1

## hmac-secret-demo.html
<!doctype html>
<html lang="en">
  <head>
    <!--
    inspired by Mozilla Webauthn documentation: https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API
    copyright: 2019 Nicolas Mora <nicolas@babelouest.org>
    license: MIT
    -->
    <title>Hmac-Secret webauthn Extension</title>
    <script type="text/javascript" src="https://cdn.jsdelivr.net/npm/cbor-js-unofficial@0.1.0-a4/cbor.min.js"></script>

## dicekey-wordlist-14400.txt
AB1N	a
AB1E	aah
AB1S	abacus
AB1W	abide
AB2N	able
AB2E	abroad
AB2S	absurd
AB2W	acadia
AB3N	ace
AB3E	aced

## AuthyToOtherAuthenticator.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                My1
                / AuthyToOtherAuthenticator.md
            
            
              Created
              January 8, 2021 15:52
                — forked from gboudreau/AuthyToOtherAuthenticator.md
            
              
                Export TOTP tokens from Authy
              
          
    Generating Authy passwords on other authenticators


There is an increasing count of applications which use Authy for two-factor authentication. However many users who aren't using Authy, have their own authenticator setup up already and do not wish to use two applications for generating passwords.
Since I use 1Password for all of my password storing/generating needs, I was looking for a solution to use Authy passwords on that. I couldn't find any completely working solutions, however I stumbled upon a gist by Brian Hartvigsen. His post had a neat code with it to generate QR codes for you to use on your favorite authenticator.
His method is to extract the secret keys using Authy's Google Chrome app via Developer Tools. If this was not possible, I guess people would be reverse engineering the Android app or something like that. But when I tried that code, nothing appeared on the screen. My guess is that Brian used the

  
## keys signature
BEGIN MESSAGE.
LMaDc9Nz3FMfsfk mWOqJUOL21AsBtj edoVStoOERtxjGB CHRsNVwN6Rvfawp
cFgS4Nx0VCknA5G CNAjALLywgZTCKq 6Xr2MZHgg4ixAWO 8xSqfXZA7t2i3rp
CQVaMrbOURcEUDu VTMjKRQOdTIYklj wAOLiChq6Cdf1ga blMhoKl1aeTDICF
CdX6Mx6fLEjmj74 GoT2LYkqulHQsmr gsf.
END MESSAGE.

## blowuprks.php
<?php
$dbhost="use";
$dbname="your";
$dbuser="own";
$dbpass="database";
$table="table";

function bin2uuid($bin) {
    $uuidReadable = unpack("H*",$bin);
    $uuidReadable = preg_replace("/([0-9a-f]{8})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{12})/", "$1-$2-$3-$4-$5", $uuidReadable);

## minify.php
<?php
// specify your css-files and their order here
$cssFiles = array(
  'normalize.css', 'style.css', 'print.css', 'colorbox.css'
);
// the file to write the compressed css to
$minFileName = 'minified.css';

// thats all, just call this file in your browser and it will
// build you a minimized css-file. then just link to this single

## gmail stylish.css
/*!
Written by My1 (github.com/My1, twitter.com/My1xT, blog.my1.tech

you can use, modify, share, etc. this little piece of code but please keep this comment. (basically a CC-BY)
*/


body, td, input, textarea, select {  /* force fonts */
	font-family: arial, sans-serif;
}

## gist:615843f53ff4fb6d2573
wait a sec I have to intervene. firefox just shows a warning page but when you trust the lock turns green and everything is ncie. chrome instead makes it red and slashes out the https.

the problem is really that users need to be aware of a possible false sense of security and I think that users shouldnt carelessly connect to a self signed cert (unless it is DANE'd)

while with unencrpyted the user sees "okay it's not encrypted, better be careful", but many people get a false sense of security from the lock (the reason why FF4-13 removed the lock, which was quite an intresting idea in my opinion.

I would maybe instead of crossing the lock, throw a question mark next to it (as in the fact that the real identity of the key is unknown)

throwing that intermediate page should maybe be a little bit more neutral, similar to ssh connection dialogs, but then SSHing people usually have a bit more knowledge than the average user.

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                My1
                / keybase.md
            
            
              Created
              February 10, 2017 09:28
            
          
    Keybase proof

I hereby claim:

I am My1 on github.
I am my1 (https://keybase.io/my1) on keybase.
I have a public key whose fingerprint is 5BE1 825C 1ECD 3A6F 8222  956C 9A1B 0068 DA1C 4748

To claim this, I am signing this object:
	<!doctype html>
	<html lang="en">
	<head>
	<!--
	inspired by Mozilla Webauthn documentation: https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API
	copyright: 2019 Nicolas Mora <nicolas@babelouest.org>
	license: MIT
	-->
	<title>Hmac-Secret webauthn Extension</title>
	<script type="text/javascript" src="https://cdn.jsdelivr.net/npm/cbor-js-unofficial@0.1.0-a4/cbor.min.js"></script>
	AB1N a
	AB1E aah
	AB1S abacus
	AB1W abide
	AB2N able
	AB2E abroad
	AB2S absurd
	AB2W acadia
	AB3N ace
	AB3E aced
	BEGIN MESSAGE.
	LMaDc9Nz3FMfsfk mWOqJUOL21AsBtj edoVStoOERtxjGB CHRsNVwN6Rvfawp
	cFgS4Nx0VCknA5G CNAjALLywgZTCKq 6Xr2MZHgg4ixAWO 8xSqfXZA7t2i3rp
	CQVaMrbOURcEUDu VTMjKRQOdTIYklj wAOLiChq6Cdf1ga blMhoKl1aeTDICF
	CdX6Mx6fLEjmj74 GoT2LYkqulHQsmr gsf.
	END MESSAGE.
	<?php
	$dbhost="use";
	$dbname="your";
	$dbuser="own";
	$dbpass="database";
	$table="table";

	function bin2uuid($bin) {
	$uuidReadable = unpack("H*",$bin);
	$uuidReadable = preg_replace("/([0-9a-f]{8})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{12})/", "$1-$2-$3-$4-$5", $uuidReadable);
	<?php
	// specify your css-files and their order here
	$cssFiles = array(
	'normalize.css', 'style.css', 'print.css', 'colorbox.css'
	);
	// the file to write the compressed css to
	$minFileName = 'minified.css';

	// thats all, just call this file in your browser and it will
	// build you a minimized css-file. then just link to this single
	/*!
	Written by My1 (github.com/My1, twitter.com/My1xT, blog.my1.tech

	you can use, modify, share, etc. this little piece of code but please keep this comment. (basically a CC-BY)
	*/


	body, td, input, textarea, select { /* force fonts */
	font-family: arial, sans-serif;
	}
	wait a sec I have to intervene. firefox just shows a warning page but when you trust the lock turns green and everything is ncie. chrome instead makes it red and slashes out the https.

	the problem is really that users need to be aware of a possible false sense of security and I think that users shouldnt carelessly connect to a self signed cert (unless it is DANE'd)

	while with unencrpyted the user sees "okay it's not encrypted, better be careful", but many people get a false sense of security from the lock (the reason why FF4-13 removed the lock, which was quite an intresting idea in my opinion.

	I would maybe instead of crossing the lock, throw a question mark next to it (as in the fact that the real identity of the key is unknown)

	throwing that intermediate page should maybe be a little bit more neutral, similar to ssh connection dialogs, but then SSHing people usually have a bit more knowledge than the average user.