Since March this year (2023), Github has started to force users to enable two-step verification 2FA (two-factor) login verification, undoubtedly for security reasons, after all, once a Github account is stolen, all code repositories will be destroyed. For the necessity of two-factor login, please refer to: Don\'t let your server (vps) become a botnet (ssh brute force crack), key verification and two-way factor login are worth having. In simple terms, two-factor login is a measure to prove "you are yourself" through a third-party device. Github officially recommends downloading 1Password, Authy, Microsoft Authenticator and other APPs on the mobile side to verify by scanning the code. In fact, it is not so troublesome. This time we will implement two-factor login verification through Python/Golang code. TOTP algorithm Time-based One-Time Password (TOTP) is a time-based one-time password algorithm used to enhance identity authentication security. TOTP is based on the HMAC (Hash-based Message Authentication Code) algorithm and timestamp to generate one-time passwords. The user and server share a secret key, usually exchanged during initial authentication. Based on this key, the server generates an initial value for verification. At each time step (usually 30 seconds), based on the current timestamp and shared secret key, an HMAC algorithm is used to generate a hash value. Then, a dynamic password of fixed length is extracted from the hash value. This dynamic password is valid within the set time step, after which it will automatically expire. When authenticating, the user needs to enter the dynamic password generated within the current time step. The server will use the same…

Today let's take an in-depth look at SSL, TLS and mTLS and other important communication security protocols. Although from a holistic systems design perspective, this topic may not be mission critical, it is still worth our time to understand it thoroughly. 1. SSL Protocol SSL, or Secure Socket Layer, is a protocol that aims to encrypt and secure the safety of internet communications. Although it first emerged in 1995, it has since been replaced by the later Transport Layer Security (TLS) protocol. The advent of SSL marked a focus on security for internet communications. In the early days, data on networks was transmitted in plaintext, making sensitive information vulnerable to eavesdropping and tampering. SSL effectively solved this problem by introducing strong data encryption and authentication mechanisms, providing robust protection for user privacy and data integrity. 2. Why Still Called SSL Certificates? Although SSL is deprecated, most major certificate authorities still refer to their certificates as SSL certificates. This is due to legacy conventions around naming that still persist. Also, many sites and systems still use SSL certificates, so the naming convention still has practical meaning. 3. The Importance of SSL The importance of SSL cannot be understated. Its advent completely changed the security paradigm for internet communications, fundamentally enhancing the security of data transmission. On the internet, data can travel between thousands of nodes, and SSL ensures it is difficult to steal or tamper with by encrypting the data stream. This security provided a solid foundation for online banking, e-commerce, and various other online applications. 4. Transport Layer Security (TLS)…