Factoring Macaroons: Building phish and MITM-proof decentralized two-factor auth

BSidesDE 2016

Presented by: Jonathan Rudenberg
Date: Friday October 07, 2016
Time: 15:00 - 15:50
Location: DAC 301-302
Track: Track 2

Macaroons are bearer credentials that implement flexible, cryptographically sound authorization and enable fast, stateless enforcement of arbitrary authorization policies without phoning home to single sign-on or other auth servers.

FIDO Universal Second Factor (U2F) is a widely deployed open standard for simple and inexpensive cryptographic hardware devices that provides an easy second factor for authentication.

This talk will provide an introduction to Macaroons and U2F, explain their cryptographic construction, and describe an open source project that combines them to provide an authentication and authorization system that completely eliminates phishing and defends against man-in-the-middle attacks.

Jonathan Rudenberg

Jonathan leads development of Flynn, an open source platform as a service that hosts apps and databases. Before starting Flynn, Jonathan was a security consultant, participated in various bug bounty programs, and co-architected Tent, an open, decentralized communication and storage protocol.

