W3C home > Mailing lists > Public > public-webauthn@w3.org > May 2020

Re: [webauthn] Is android safety net nonce the same as web authnn challenge? (#1413)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Wed, 27 May 2020 23:08:28 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-634990721-1590620907-sysbot+gh@w3.org>
A nonce, in cryptography, is generally used to prove freshness: by incorporating a random value chosen by the verifier, it's possible to convince the verifier that a response was generated after that random number was generated. SafetyNet works this way and the challenge in WebAuthn can certainly be used in this way too.



-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1413#issuecomment-634990721 using your GitHub account
Received on Wednesday, 27 May 2020 23:08:30 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:40 UTC