- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Fri, 07 Dec 2018 15:23:53 +0000
- To: public-webauthn@w3.org
For the record: although length is a necessary condition for enough entropy, it's not a sufficient condition. For example, setting the challenge to `"AAAAAAAAAAAAAAAA"` always would satisfy the 16 byte recommendation but contain 0 bits of entropy. That doesn't mean that enforcement by the client is completely useless, of course - it could be an effective way to catch trivial mistakes - but it does make it less useful. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1115#issuecomment-445265906 using your GitHub account
Received on Friday, 7 December 2018 15:23:54 UTC