They continue doing the key wrapping with HMAC for U2F. Resident keys are for the "passwordless" authentication method under FIDO2.
U2F requires that the server must know exactly which keyHandles to request, based on the username (and probably password) that is supplied earlier by the user, so that the token can take the keyHandle and derive the key.
In FIDO2 "passwordless" mode, there's no username or other identifier presented, so it's just a generic request for credential from the server -- the authenticator has to independently figure out which key to present based only on the origin/domain, and maybe even present a list of stored keys (probably effectively a list of accounts?) to the user for selection. So it'd need some local/resident storage of various bits like the origin, maybe a user-chosen account name, and the actual credential, since it can no longer rely on the server to do store all these bits.
That is really great if you don't have any outbound deliverability issues due to IP reputation on a VPS host! Under those circumstances, that sounds like a great arrangement.
I think that is not quite the norm, lots of these hosts (and home internet connections) tend to have rather bad reputations, and chasing down the various RBLs can get really old really fast, especially since the most common response is to silently blackhole so you don't get a bounce.
I haven't had any issues with my personal domain in years, ever since I moved it from random web host to GApps, to deal with IP reputation issues, and have SPF+DKIM setup. (but my domain is a .net one)
WebAuthn is backward compatible with U2F tokens, but naturally only for use as second factor. They defined CTAP1 as the U2F protocol for existing tokens, then defined the new CTAP2 for communication with the new tokens, and made both part of the spec.
> WebAuthn and CTAP2 are both required to deliver the FIDO2 passwordless login experience, but WebAuthn still supports FIDO U2F authenticators, since CTAP1 is also part of the WebAuthn specification.
> Like FIDO U2F, the FIDO2 standard offers the same high level of security, as it is based on public key cryptography. In addition to providing unphishable two-factor authentication, the FIDO2 application on the YubiKey allows for the storage of resident credentials. As the resident credentials can store the username and other data, this allows for truly passwordless authentication. YubiKey 5 Series devices can hold up to 25 resident keys. If RSA keys are used, there is a maximum of three RSA with the rest being ECC.
I wonder what the user experience will be like at 25 resident keys, they mention that the YubiKey Manager (ykman) can set/change FIDO2 PIN and reset FIDO entirely, but nothing about managing individual resident keys/credentials.
It seems like it might be a bit challenging to manage this, especially if end-users accidentally register the authenticator multiple times or run out of the 25 slots for some other reason, and be told that they need to reset the whole authenticator and do recovery for all their sites...
> Party A will generate a shared key with B — or whoever pretends to be B — without having a second chance to change its exponent a depending on the value g_b received from the other side; and the impostor will not have a chance to adapt his value of b depending on g_a, because it has to commit to a value of g_b before learning g_a.
> The use of hash commitment in the DH exchange constrains the attacker to only one guess to generate the correct visualization in their attack, which means that using just over 33 bits of entropy represented by four emoji in the visualization is enough to make a successful attack highly improbable.
> > With SIM cards, users can switch to a new phone by just moving the SIM, or switch to a new provider while keeping their phone (assuming its unlocked) by just replacing the SIM.
> Unlocked phones are still relatively rare in the US so I don't agree with your second point either.
As you point out, where GSM networks are concerned, this observation is mostly specific to the US - swapping phones and swapping SIMs has been a reality in the rest of the world for years.
Instead, the main source of friction is frequency bands. When swapping phones, it's not often an issue when switching between locally distributed phone models, since they are the Asia/international models with more band compatibility. When swapping SIMs domestically, it's not an issue for the same reason. When swapping SIMs internationally, phone service typically works, but if you want high speed data _then_ you check for band compatibility.
I'd say that for most of the world, the reduction in friction is real. It's a pity that the US market is so different.
If you only have a 3G device, or a 4G device that doesn't support the available FDD-LTE bands, you might be better off getting a China Unicom HK card instead. They have HSPA+ on 2100 MHz. Google services work fine on them.
The cards are hard or impossible to find within the HKIA transit area, so you will want to either pick it from a street retailer in HK, or order from their English webstore - http://www.cugstore.com/hk_en/. Street prices are usually cheaper.
(No affiliation, just a happy customer from a few months back. I got their "Greater China 30 Days Data SIM" because I was spending time in Macau and Hong Kong as well.)