Re: [webauthn] Is android safety net nonce the same as web authnn challenge? (#1413) from Adam Langley via GitHub on 2020-05-27 (public-webauthn@w3.org from May 2020)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Wed, 27 May 2020 23:08:28 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-634990721-1590620907-sysbot+gh@w3.org>

A nonce, in cryptography, is generally used to prove freshness: by incorporating a random value chosen by the verifier, it's possible to convince the verifier that a response was generated after that random number was generated. SafetyNet works this way and the challenge in WebAuthn can certainly be used in this way too.



-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1413#issuecomment-634990721 using your GitHub account

Received on Wednesday, 27 May 2020 23:08:30 UTC