W3C home > Mailing lists > Public > public-webauthn@w3.org > May 2020

Re: [webauthn] Is android safety net nonce the same as web authnn challenge? (#1413)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Wed, 27 May 2020 23:08:28 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-634990721-1590620907-sysbot+gh@w3.org>
A nonce, in cryptography, is generally used to prove freshness: by incorporating a random value chosen by the verifier, it's possible to convince the verifier that a response was generated after that random number was generated. SafetyNet works this way and the challenge in WebAuthn can certainly be used in this way too.

GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1413#issuecomment-634990721 using your GitHub account
Received on Wednesday, 27 May 2020 23:08:30 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:40 UTC