Re: [webauthn] Consider allowing authenticators to randomise signed hashes.

In any case, putting this in an extension is highly problematic because extensions are optional, and a side-channel defense that the attacker can choose to deny to the token isn't useful.

Repurposing the signature counter seemed like a solid win because we eliminate the counter (which I believe would be positive) and can use those bytes for optional randomisation. However, it all depends on eliminating the signature counter, and enough people seem to believe that it still has value.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/453#issuecomment-327306174 using your GitHub account

Received on Tuesday, 5 September 2017 21:17:24 UTC