Re: [webauthn] Clarity on challenge length (#1803) from Emil Lundberg via GitHub on 2022-09-26 (public-webauthn@w3.org from September 2022)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Mon, 26 Sep 2022 11:41:29 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1257902620-1664192488-sysbot+gh@w3.org>

Duplicate of #1115. Length alone is necessary but far from sufficient to make a secure challenge. I'm not sure that enforcing a min/max length helps more than it hurts - it could easily be misinterpreted to mean you're good as soon as you don't get an error message from the browser.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1803#issuecomment-1257902620 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 26 September 2022 11:41:31 UTC