Re: [webauthn] Proposal/discussion: non-extractable CryptoKey output from the prf extension (#1895) from Emil Lundberg via GitHub on 2023-06-07 (public-webauthn@w3.org from June 2023)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 07 Jun 2023 10:34:54 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1580470326-1686134092-sysbot+gh@w3.org>

I think what @agl is saying is that because the PRF extension adds a prefix to the input salt, a future update of the PRF extension could add a new feature that uses a different prefix and returns a `CryptoKey` instead of a raw `ByteBuffer`. This would prevent the downgrade attack @MasterKale describes: if a script injection disables the `CryptoKey` setting, then the resulting `ByteBuffer` would contain a different result than the intended `CryptoKey` result, because the two are domain-separated by using different prefixes. (But @MasterKale is right that such a downgrade attack would work if there is no such domain separation.)

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1895#issuecomment-1580470326 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 7 June 2023 10:34:56 UTC