Sunday, 01 September 2024 03:45:54 WIB | tags: security, python

Imagine you’re trying to log in to your mobile app. You enter your password, but instead of being let in right away, you get a message saying, “Please enter the code we just sent to your phone number.” That code is an example of a One-Time Password, or OTP. It’s like a secret handshake that only you and your mobile app know at that moment, making sure it’s really you trying to access your account. In a world where security is more important than ever, OTPs have become the go-to method for keeping our digital lives safe, one code at a time.

In my bachelor’s thesis, I researched virtual passwords, which generate a random password by taking the user’s initial password as the seed, converting each character into 1-2 random alphanumeric characters, and using the converted password to validate the user’s login password. This converted password is re-randomised on each login attempt, which produces a dynamic password during the login process. While the concepts of my past research are similar, I want to demystify the world’s most popular factor in MFA: OTP. In the process, I also fixed a minor bug in a Python library, PyOTP, which allows users to use a non-proper hashing function that will trigger an IndexError on OTP generation.


Sunday, 25 August 2024 01:13:44 WIB | tags: tips, python, gcp

Ever wondered how to pull together a VM inventory when you've got a bunch of VMs? I’ve found myself asking this question a few times, so I decided to check out a few tools that might help. This post is the first in a series where I'll dive into different ways to gather basic VM info, like hostname and OS version. In this first post, I will use the Paramiko library in a Python application and see how I can use it to solve my problem. In the exploration, I will deploy 3 VMs in a cloud environment, consisting of one main server and two client servers.


Friday, 26 July 2024 00:00:58 WIB | tags: tips, gcp, security

Early last year, I spent my long Chinese New Year holiday on something productive: pursuing the learning path for Google Professional Cloud Security Engineer (PCSE). While I did that, I compiled my learning process along with some useful resources related to the exam, stored deep in a multi-layered folder somewhere in my Google Drive. One and a half years later, last Sunday, I stumbled upon this note and thought: this might help whoever wants to conquer the PCSE exam. Although the modules might be different today, the big concept should stay relevant.

PCSE certification validates your expertise in designing, implementing, and managing secure workloads on Google Cloud Platform (GCP). This certification demonstrates your ability to safeguard sensitive data and ensure regulatory compliance within the GCP ecosystem.


Tuesday, 23 July 2024 02:41:56 WIB | tags: game, tips, windows

I've been playing Football Manager for the past two years with all the leagues around the world activated, and my RAM usage has skyrocketed. This also caused my Drive D usage (not storage) to spike to 100%. I thought it was because my custom files and saves were all on Drive D, so I just let it be until my HDD finally died at the end of last year.

Fast forward to the beginning of this year, I've been having a blast playing Cities Skylines. Initially, I was playing with minimal mods (pre-loading took about 10 minutes). But lately, I've been wanting to create custom cities with an Indonesian vibe, so I've downloaded a ton of mods. This, however, caused my RAM and HDD usage to hit 100% again, and pre-loading now takes around 17 minutes.


Tuesday, 28 January 2020 22:17:48 WIB | tags: paper, portfolio, research

My very first (and second) copyrights have finally been issued by the Indonesian Ministry of Law and Human Rights! Together with my supervisors at university, Pak Parman and Pak Jadied, we implemented the virtual password authentication system from our previous research into the web application. Also thanks to the HKI Clinic of Telkom University, who made this possible. So, am I a legit inventor now?
- Program Komputer Hardening The Virtual Password (NopohoProtect) - e-hak cipta 
- Program Komputer Virtual Password In Hashed Domain (NopohoSecure) - e-hak cipta 


Faiz Rahiemy's Notebook since 2009 until now