- From: Kyle Simpson via GitHub <noreply@w3.org>
- Date: Sat, 20 Dec 2025 05:55:57 +0000
- To: public-webauthn@w3.org
Here's a slightly pared down/simplified version of my code:
```js
const FAKE_ID_LENGTHS = [ 16, 20, 32, 32 ];
const TRANSPORT_SETS = [
[ "internal", ],
[ "internal", "hybrid", ],
[ "internal", "hybrid", "nfc", "ble", ],
[ "internal", "usb", ],
];
function getFakeCredentials(email,secretKeyB64) {
var secret = Buffer.from(secretKeyB64,"base64");
var bytes = (
createHmac("sha256",secret)
.update("webauthn-fake-data\0","utf8")
.update(email,"utf8")
.digest()
);
var countBits = (bytes[0] & 0b00000011);
var fakeCredCount = (countBits === 3 ? 1 : (countBits + 1));
var credentials = [];
for (let i = 0; i < fakeCredCount; i++) {
// per-credential variability bits
let b = bytes[i + 1];
// vary credential ID length
let idLen = FAKE_ID_LENGTHS[(b >>> 6) & 0b11];
credentials.push({
credentialID: (
createHmac("sha256",secret)
.update(
`webauthn-fake-credential\0${email}\0${i}`,
"utf8"
)
.digest()
.subarray(0,idLen)
.toString("base64")
),
discoverable: !!(b & 0b00000100),
transports: TRANSPORT_SETS[(b >>> 4) & 0b00000011],
credentialBackup: !!(b & 0b00001000),
});
}
return credentials;
}
```
--
GitHub Notification of comment by getify
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1246#issuecomment-3677425943 using your GitHub account
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Saturday, 20 December 2025 05:55:58 UTC