Re: [webauthn] Clarify the need for truly randomly generated challenges (#1856)

> Does there remain some other need to have the challenge be truly and fully random that would preclude such use? If not, would such a token need to include some sort of nonce to increase its entropy?

Right, the challenge doesn't necessarily need to be _fully_ random, just contain enough entropy to be practically impossible to predict. So yes, I would recommend explicitly mixing in a 16-byte or longer random nonce to make sure of that. Assuming that by "let the crypto-token _be_ the challenge" you meant the whole JWT including the signature, the signature probably would be enough entropy already - _BUT!_ that assumes the signature algorithm uses a random nonce. Not all signature algorithms do - for example, HMAC has no internal nonce at all, and deterministic ECDSA derives the nonce from the input to be signed. So it's safest to mix in some additional entropy to be sure, in case you change the signature algorithm later.

> I think it would be quite weird if the login-prompt mysteriously stopped working just because the user leaves it alone for 15 minutes, and I would assume that that's what the link I referred to above means when it says "This is because removing the credentials from the autofill list at an arbitrary time would make for poor UX".

Agreed, but you can work around this by periodically refreshing the challenge and using an [abort signal](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-abortoperation) to cancel the timed-out conditional WebAuthn request and restart it with the new challenge. This could make for a poor UX if the user happens to be interacting with the conditional UI right then, but that seems fairly unlikely to me.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1856#issuecomment-1438575614 using your GitHub account


Received on Tuesday, 21 February 2023 14:21:21 UTC
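
The point above about deterministic signatures, as an added example that is not part of the comment or of the WebAuthn specification: a Node.js token issuer whose only unpredictability comes from the nonce mixed into the payload, because HMAC adds none. The function names, the token layout and the 15-minute lifetime are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const NONCE_BYTES = 16;         // "16-byte or longer", per the comment above
const TTL_MS = 15 * 60 * 1000;  // constructed lifetime, an assumption

const b64u = (x) => Buffer.from(x).toString('base64url');
const tag = (key, body) =>
  crypto.createHmac('sha256', key).update(body).digest();

// Build "<payload>.<HMAC tag>". HMAC is deterministic, so the only
// unpredictability in the token is the nonce placed in the payload.
// The `nonce` parameter exists only so the demo can show the weak case.
function issueChallenge(key, sessionId, now, nonce) {
  const n = nonce === undefined ? crypto.randomBytes(NONCE_BYTES) : nonce;
  const body = b64u(JSON.stringify({ sid: sessionId, exp: now + TTL_MS, n: b64u(n) }));
  return `${body}.${b64u(tag(key, body))}`;
}

// Accept the token only if the tag matches, it belongs to this session,
// it has not expired, and it carries at least NONCE_BYTES of nonce.
function verifyChallenge(key, token, sessionId, now) {
  const [body, mac, ...rest] = String(token).split('.');
  if (!body || !mac || rest.length) return false;
  const expected = tag(key, body);
  const given = Buffer.from(mac, 'base64url');
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) return false;
  try {
    const p = JSON.parse(Buffer.from(body, 'base64url').toString());
    return p.sid === sessionId && now < p.exp &&
      Buffer.from(String(p.n), 'base64url').length >= NONCE_BYTES;
  } catch {
    return false;
  }
}

// Constructed demo values.
const key = crypto.randomBytes(32);
const t0 = 1700000000000;
const noNonce = Buffer.alloc(0);
// Without a nonce, the same inputs give the same (predictable) token.
console.log(issueChallenge(key, 's1', t0, noNonce) ===
            issueChallenge(key, 's1', t0, noNonce));
// With the default random nonce, two tokens for the same inputs differ.
console.log(issueChallenge(key, 's1', t0) === issueChallenge(key, 's1', t0));
console.log(verifyChallenge(key, issueChallenge(key, 's1', t0), 's1', t0 + 1000));
```

The expiry check is what a periodically refreshed challenge, as suggested in the second reply, would run up against: a token older than the lifetime is rejected, so the page has to fetch a new one and restart the request.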