HackerTrans
TopNewTrendsCommentsPastAskShowJobs

agl

no profile record

comments

agl
·tahun lalu·discuss
Setting a signature counter to constant zero is explicitly supported[1] and it's not a bug that it works. Google does not require the signature counter to increment; it's something else invalid about the response that's tripping it up.

The security story for signature counters is subtle[2] and the vast (vast) majority of sites are correct not to require them.

Using the Chrome virtual authenticator indeed works, and from the DevTools UI directly (three dots -> More Tools -> WebAuthn), no sockets required. It's not a vulnerability that it works. If it didn't, Apple, Google, and Microsoft would be effectively the only possible passkey providers. You can lock it down in enterprise environments if you need[3].

[1] https://www.w3.org/TR/webauthn-3/#sctn-sign-counter [2] https://www.imperialviolet.org/tourofwebauthn/tourofwebauthn... [3] https://www.imperialviolet.org/tourofwebauthn/tourofwebauthn...
agl
·tahun lalu·discuss
WebAuthn protects the sign in, but malware can still steal the resulting cookies. DBSC protects the sign in _session_. (It should stand for Don’t Bother Stealing Cookies.)
agl
·2 tahun yang lalu·discuss
It is a fair worry. On one side, there are sites with regulations that they are supposed to meet and it's hard to do so without knowing something about the passkey provider. If we want to try and replace SMS OTP, which is depressingly easy to compromise, we can't ignore such things.

On the other, we don't want to create a situation where it's impossible to start a new passkey provider because you'll never get 1000s of websites to put you on their allowlist.

So far, we haven't done attestation for passkey providers at all. There is only the AAGUID, which is a spoofable identifer should any sites try to filter based on it. There are legitimate cases where sites are required to know more, but we're trying to find a path that doesn't lead to the problems that you worry about and, so far, are erring on the side of openness.
agl
·2 tahun yang lalu·discuss
> The popular libraries seem to follow a kind of "shadow spec" where they agreed on using the URL-friendly variant of base64

WebAuthn itself uses base64url rather than base64. See, e.g., the `id` field here: https://www.w3.org/TR/webauthn-2/#iface-pkcredential

(It was probably a mistake, but it predates me so I don't know the motivation.)

> I still don't know whether it's possible to use both usernameless and usernameful passkeys simultaneously.

Non-discoverable credentials can only be used if their credential ID is passed in an allowlist. Discoverable credentials (a.k.a. "resident" in the API, although that name is a bit misleading) _can_ be enumerated in an allowlist. So they can work together, but to have the allowlist you must collect a username first or have some other way of know which account is pertinent to the current session.
agl
·2 tahun yang lalu·discuss
https://datatracker.ietf.org/doc/draft-davidben-tls-merkle-t...
agl
·9 tahun yang lalu·discuss
"Basically, the code recurses a sha256 computation 1714 times to get a lookup key, and then once more to get a password for decryption."

Other way around, no? The index is the hash of the decryption key (as it should be), it's just that the index is called "key" and the key is called "lookup".

If the decryption key was the hash of the index, then it would be trivial to decrypt every entry.