RAPS - Remote Admin Password Solution
A little play on M$ LAPS.
This tool is designed to work similarly to an OTP app: it generates rotating passwords based on a shared secret.
Use case
You have an external contractor who needs access to your systems every now and then, but your password policy sometimes makes it impossible for them to log in. RAPS can be set up on your server to automatically set a new complex password on the first of the month.
Your contractor then executes the RAPS script and gets the same password.
How it works
On the first run, a shared secret is generated. This secret must be passed to the other party securely.
To generate a password, the secret is concatenated with the UNIX timestamp of the first day of the month. This combined value is hashed with SHA256, and the resulting hash is used to seed the RNG.
Since the secret and timestamps are the same for both parties, they will have the same SHA256 hash and generate identical passwords.
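The derivation described above, as an added sketch that is not the project's raps.py. Assumptions: the timestamp is midnight UTC on the first of the month and is appended to the secret as a decimal string, the RNG is Python's `random.Random`, and the alphabet, password length and sample secret are constructed for illustration.

```python
import hashlib
import random
import string
from datetime import datetime, timedelta, timezone

# Assumed character set; the page does not specify one.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def month_start_timestamp(now: datetime) -> int:
    """UNIX timestamp of 00:00:00 UTC on the first day of now's month."""
    if now.tzinfo is None:
        # A naive datetime would be read as local time, so two parties in
        # different time zones could compute different timestamps.
        raise ValueError("pass a timezone-aware datetime")
    utc = now.astimezone(timezone.utc)
    first = utc.replace(day=1, hour=0, minute=0, second=0, microsecond=0)
    return int(first.timestamp())


def derive_password(secret: str, now: datetime, length: int = 24) -> str:
    """secret + month timestamp -> SHA256 -> RNG seed -> password."""
    material = f"{secret}{month_start_timestamp(now)}".encode("utf-8")
    digest = hashlib.sha256(material).digest()
    # random.Random is the Mersenne Twister: reproducible for a given seed,
    # which is what lets both sides agree, but it is not a CSPRNG.
    rng = random.Random(int.from_bytes(digest, "big"))
    return "".join(rng.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    secret = "constructed-example-secret"  # constructed sample value
    # Server runs mid-month in UTC; contractor runs later from UTC-5.
    server = datetime(2024, 3, 1, 0, 5, tzinfo=timezone.utc)
    contractor = datetime(2024, 3, 20, 9, 0,
                          tzinfo=timezone(timedelta(hours=-5)))
    print("server    :", derive_password(secret, server))
    print("contractor:", derive_password(secret, contractor))
    # 23:30 on 31 March in UTC-5 is already April in UTC, so the
    # password has rotated even though the local calendar says March.
    late = datetime(2024, 3, 31, 23, 30,
                    tzinfo=timezone(timedelta(hours=-5)))
    print("rotated   :", derive_password(secret, late))
```

Normalising to UTC before truncating to the first of the month is what keeps the two sides in agreement across time zones; the rotation then happens at 00:00 UTC rather than at either party's local midnight.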