Re: [webauthn] Define 1024 bytes to be the maximum credential ID length. (#1664)

@MasterKale Let's estimate an upper limit. A [Public Key Credential Source](https://www.w3.org/TR/2021/WD-webauthn-3-20210427/#public-key-credential-source) consists of:

- **type** which can probably be encoded as a single byte, or not at all.
- **id** whose max size is being discussed here.
- **privateKey** whose size depends on the algorithm. As far as I know, 4096-bit RSA keys are the largest keys currently seeing widespread use, so keys larger than 512 bytes seem unlikely in practice.
- **rpId** for which I'm not sure there is a theoretical max length, but if you're embedding all this data into the credential ID it's probably not a discoverable key. For non-discoverable keys you really only need to be able to _verify_ the `rpId`, which you can instead do with a MAC since the `rpId` will be passed as a parameter at authentication time. HMAC-SHA256 generates 32-byte-long MACs, which should be more than enough entropy for the purpose. And you should already have a MAC anyway to make the credential ID as a whole immutable.
- **userHandle** which has a defined max length of 64 bytes.
- **otherUI** which is technically open-ended, but likely contents are `rp.name`, `user.name` and `user.displayName`, each of which MAY be truncated to 64 bytes.

So all in all that would be 1 + 512 + 32 + 64 + 3*64 = **801 bytes** if the authenticator chooses to encode _everything_ into the credential ID (apart from the credential ID itself). So a 1023 limit still leaves a spare 222 bytes for longer `otherUI` if desired, a longer MAC, or key sizes up to 5872 bits. And with a smaller key, like a 256-bit elliptic curve key, you'll only need **321 bytes**, with 702 spare bytes left over.

(Maybe you'll also need a few more bytes to encode the key algorithm and some value lengths, but that's mostly insignificant in comparison.)

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1664#issuecomment-916089235 using your GitHub account


Received on Thursday, 9 September 2021 13:25:13 UTC
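The following is an added worked example, not code from emlun, the WebAuthn spec, or the w3c/webauthn project. It sketches the credential ID layout the comment describes: a wrapped Public Key Credential Source with the `rpId` bound by an HMAC-SHA256 tag instead of being stored, so the authenticator can verify the `rpId` it receives at authentication time and detect any modification of the ID. The single-byte type and algorithm codes, the 2-byte length prefixes, and the `device_secret` MAC key are assumptions made for the example; the 1023-byte limit is the one under discussion.

```python
import hmac
import hashlib
import struct

# Credential ID limit being discussed in the PR.
MAX_CREDENTIAL_ID_LEN = 1023
MAC_LEN = 32  # HMAC-SHA256 output length
USER_HANDLE_MAX = 64  # defined max length of userHandle
UI_STRING_MAX = 64  # rp.name / user.name / user.displayName MAY be truncated to this

# Hypothetical one-byte codes (assumptions for this example, not spec values).
TYPE_PUBLIC_KEY = 0x01
ALG_CODES = {"ES256": 0x01, "RS256": 0x02}
ALG_NAMES = {code: name for name, code in ALG_CODES.items()}


def _field(value: bytes) -> bytes:
    """Length-prefix a variable-size field with a 2-byte big-endian length."""
    if len(value) > 0xFFFF:
        raise ValueError("field too long")
    return struct.pack(">H", len(value)) + value


def _read_field(buf: bytes, pos: int):
    """Read one length-prefixed field; returns (value, new_position)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    if pos + n > len(buf):
        raise ValueError("truncated field")
    return buf[pos:pos + n], pos + n


def encode_credential_id(device_secret: bytes, rp_id: str, alg: str,
                         private_key: bytes, user_handle: bytes,
                         other_ui: list) -> bytes:
    """Wrap the credential source into a credential ID, MAC-bound to rp_id."""
    if len(user_handle) > USER_HANDLE_MAX:
        raise ValueError("userHandle exceeds 64 bytes")
    body = bytes([TYPE_PUBLIC_KEY, ALG_CODES[alg]])
    body += _field(private_key)
    body += _field(user_handle)
    for s in other_ui:
        # Truncate UI strings to 64 bytes of UTF-8, as the spec permits.
        body += _field(s.encode("utf-8")[:UI_STRING_MAX])
    # rpId is not stored: it is mixed into the MAC input instead, so the
    # tag only verifies when the same rpId is presented at authentication.
    tag = hmac.new(device_secret, rp_id.encode("utf-8") + body,
                   hashlib.sha256).digest()
    cred_id = body + tag
    if len(cred_id) > MAX_CREDENTIAL_ID_LEN:
        raise ValueError("credential ID would be %d bytes, limit is %d"
                         % (len(cred_id), MAX_CREDENTIAL_ID_LEN))
    return cred_id


def decode_credential_id(device_secret: bytes, rp_id: str, credential_id: bytes):
    """Verify the MAC against the presented rp_id and unwrap; None on failure."""
    if len(credential_id) < 2 + MAC_LEN:
        return None
    body, tag = credential_id[:-MAC_LEN], credential_id[-MAC_LEN:]
    expected = hmac.new(device_secret, rp_id.encode("utf-8") + body,
                        hashlib.sha256).digest()
    # Constant-time comparison; fails for a wrong rpId, another device's
    # secret, or any tampering with the body or tag.
    if not hmac.compare_digest(tag, expected):
        return None
    if body[0] != TYPE_PUBLIC_KEY or body[1] not in ALG_NAMES:
        return None
    try:
        pos = 2
        private_key, pos = _read_field(body, pos)
        user_handle, pos = _read_field(body, pos)
        other_ui = []
        while pos < len(body):
            s, pos = _read_field(body, pos)
            other_ui.append(s.decode("utf-8", "ignore"))
    except (struct.error, ValueError):
        return None
    return {"alg": ALG_NAMES[body[1]], "privateKey": private_key,
            "userHandle": user_handle, "otherUI": other_ui}


if __name__ == "__main__":
    # Constructed demo inputs: an all-zero device secret and dummy key bytes.
    secret = bytes(32)
    for alg, key_len in (("RS256", 512), ("ES256", 32)):
        cid = encode_credential_id(secret, "example.com", alg, bytes(key_len),
                                   bytes(64), ["x" * 64] * 3)
        print(alg, "credential ID:", len(cid), "bytes")
        print("  verifies for example.com:",
              decode_credential_id(secret, "example.com", cid) is not None)
        print("  verifies for other.example:",
              decode_credential_id(secret, "other.example", cid) is not None)
```

With the comment's worst case (a 512-byte RSA private key, a 64-byte `userHandle` and three 64-byte UI strings) the ID comes to 812 bytes, which is the comment's 801 plus the 11 bytes of algorithm code and length prefixes it mentions as overhead; with a 32-byte EC key it is 332 bytes. Only integrity is shown here: an authenticator that actually embeds the private key must also encrypt it, which this example deliberately leaves out.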