mirror of
https://github.com/Yubico/yubikey-val.git
synced 2025-02-01 10:52:18 +01:00
Dain Nilsson
1b2dfd136c
Use constant time string comparisson for validating HMAC signature
(fixes #26).
YubiKey OTP Validation Server ============================= The YubiKey Validation Server (YK-VAL) is a server that validates Yubikey One-Time Passwords (OTPs). YK-VAL is written in PHP, for use behind web servers such as Apache. License ------- The project is licensed under a BSD license. See the file COPYING for exact wording. For any copyright year range specified as YYYY-ZZZZ in this package note that the range specifies every single year in that closed interval. General ------- The server implements the Yubico API protocol as defined in doc/ValidationProtocol* and further documentation is also available in the doc/ subdirectory. This server talks to a KSM service for decrypting the OTPs, to avoid storing any AES keys on the validation server. One implementation of this service is the YubiKey-KSM -- https://developers.yubico.com/yubikey-ksm/ -- and another implementation using the YubiHSM hardware is PyHSM: https://developers.yubico.com/python-pyhsm/ Note that version 1.x is a minimal centralized server. Version 2.x is a replicated system that uses multiple machines.
Description
Languages
PHP
78.8%
Roff
12.6%
Makefile
4.2%
Perl
3.1%
Shell
1.3%