Re: [webauthn] Sign counter alg 507

From: Jakob Ehrensvard via GitHub <sysbot+gh@w3.org>
Date: Fri, 08 Sep 2017 22:51:53 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-328231832-1504911104-sysbot+gh@w3.org>

I recall someone (could it be Intel?) considered using something like a 32-bit time_t value for the "counter" and we had a meta-discussion some time back what the strict interpretation of "monotonic" was. Instead of providing a monotonically incrementing counter, the current timestamp is used instead. It does indeed provide "ever increasing numbers".

Obviously, a U2F device will never ever be able to create a counter value even close to a million or so (assuming silent authentication is potentially used). So just using the lower 31 bits seems sensible to me (implicitly allowing for the value 0x00000000).

I don't understand the notation of negative counter values. A counter starting at 0 cannot possibly be seen as monotonic if it's considered to be allowed to wrap into negative numbers (reaching 0x7fffffff). The value is a 32-bit unsigned number. We simply postulated in U2F that 16 bits was too low (64k) for the lifetime of a token and therefore went with a 32-bit value. Problem solved.

So, if the time_t approach was seen as legitimate, we'll get values with MSB set by now. 

GitHub Notification of comment by jehrensvard
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/539#issuecomment-328231832 using your GitHub account
Received on Friday, 8 September 2017 22:51:54 UTC
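
Added example, not part of the original message or of any project's code: a relying-party counter check that reads the 32-bit counter as unsigned, next to the signed misreading that makes a value with the MSB set look like a rollback. The offset 33 assumes the WebAuthn authenticator data layout (32-byte rpIdHash, 1 flags byte, 4-byte big-endian counter); the function names, the strictly-greater policy and the sample buffers are assumptions constructed for illustration.

```javascript
// Assumed layout: rpIdHash (32 bytes) | flags (1 byte) | counter (4 bytes, big-endian).
const SIGN_COUNT_OFFSET = 33;

function counterView(authData) {
  if (authData.byteLength < SIGN_COUNT_OFFSET + 4) {
    throw new RangeError("authenticator data too short to hold a counter");
  }
  return new DataView(authData.buffer, authData.byteOffset, authData.byteLength);
}

// Correct reading: unsigned 32-bit, range 0 .. 0xFFFFFFFF.
function readSignCount(authData) {
  return counterView(authData).getUint32(SIGN_COUNT_OFFSET, false);
}

// The pitfall: the same four bytes read as a signed 32-bit integer.
function readSignCountSigned(authData) {
  return counterView(authData).getInt32(SIGN_COUNT_OFFSET, false);
}

// Assumed policy: accept only a counter strictly greater than the stored one.
function counterAdvanced(stored, received) {
  return received > stored;
}

// Constructed sample: zeroed hash and flags, only the counter field is set.
function sampleAuthData(counter) {
  const buf = new Uint8Array(SIGN_COUNT_OFFSET + 4);
  new DataView(buf.buffer).setUint32(SIGN_COUNT_OFFSET, counter, false);
  return buf;
}

// Step from 0x7fffffff to 0x80000000, the first value with the MSB set.
function demo() {
  const before = sampleAuthData(0x7fffffff);
  const after = sampleAuthData(0x80000000);
  return {
    afterUnsigned: readSignCount(after),
    afterSigned: readSignCountSigned(after),
    unsignedAccepts: counterAdvanced(readSignCount(before), readSignCount(after)),
    signedAccepts: counterAdvanced(readSignCountSigned(before), readSignCountSigned(after)),
  };
}

console.log(demo());
```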