-
Notifications
You must be signed in to change notification settings - Fork 5
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Thoughts & Notes on rawId
vs userHandle
as shared secret/seed
#7
Comments
rawId
vs userHandle
as shared secret/seedrawId
vs userHandle
as shared secret/seed
What does that mean?
That may or may not be true from a UI perspective, but it does not match what the webauthn spec says nor how the APIs will behave. The credential ID is not protected or secret (nor are the username or displayname), but the So we won't be switching to use any of those other approaches. All that said, using |
From @coolaj86 (originally posted here): I don't know if this will live and grow here for a long time, but this is my own demo: I found that it's actually waaaaaaaaay simpler than almost everyone is explaining it, if you know a few critical details about how the system works. It's definitely made to give Big Tech the advantage and to make it as close to as impossible as can be for Self-Sovereign Identity, but I've found a few loopholes that I think I can exploit for local encryption, and a few shortcuts to really simplify the DX based on how it works in practice rather than the 10,000 permutations that are spec'd, but that I can verify don't work. Early next week I'll be having more people test on their phones and computers to make sure I've got it all right and that my implementation doesn't conflict with future variations of the standard, but I feel pretty confident that I could explain and demo it simply enough to, for example, make conference slides for it (too bad I didn't run into this months ago to submit to UtahJS). Right now I believe that the best thing that Credential IDs can be used for is local encryption. As far as I can tell, the UX between "Register Passkey" and "Login with Passkey" is so constrained, that even if you sync the IDs through servers across devices, there's a lot of caveats that maybe we're probably better off just not trying to work around. Instead:
Much of the spec itself, and certainly what Big Tech has chosen to implement seems a lot like some sort of "malicious compliance" - like it's not really about the awesome marketing message about "the users" and "safety", but rather just putting Big Tech more in control. The implementation we have to work with certainly does not build a strong case for a true goal being to make user or developer experience better. At least on Desktop I feel safe about Brave storing my keys, but apparently Apple won't let Brave sync the keys on Mobile, and Apple also won't share the keys to Brave on Mobile - so I hit the immediate wall of frustration that I can't have a seamless experience - pretty much matches the password manager story on Apple - full Safari or bust, exile the webviews (other browsers) to the sandbox. I imagine that Android is better and worse in that it probably allows more between phones and browsers, but probably doesn't work well with Microsoft accounts. 🤷♂️ |
There are numerous concerns I uncovered when I initially considered using the credential-ID as the seed for encryption/decryption keys. I ultimately abandoned that design choice, in favor of sticking the seed in the In any case, as it relates to Local Data Lock, the design you propose has already been ruled out, so we don't need to continue this line of debate here. I'm only including this information for posterity sake (and your benefit!).
So, for all the reasons/concerns above, I decided that using credential ID was inappropriate/insufficient, and I abandoned that idea. The |
rawId
vs userHandle
as shared secret/seedrawId
vs userHandle
as shared secret/seed
Thanks. You've got me convinced on Also, I think it will work with FIDO2 devices. I'm still getting confused with all the specs and the note I saw about U2F on the new devices seems to be about backwards compatibility, not current limitation. (will read more and possibly respond more tomorrow) |
How do you solve this problem:
Yes, but it's not what you might think: SHA-1 is vulnerable to birthday attacks from INPUT data (i.e. the keyspace isn't perfectly evenly distributed 128-bit)
So while you might not want to use SHA-1 as a key expansion algorithm to create psuedorandom 128-bits, that's very different from a 128 bit key being able to be broken. 128 bits is just as secure for 256 bits for all real-world purposes:
I imagine that Android and Windows implement this the same way that macOS does: The fingers (and sunglasses, etc) are abstracted at the OS level. When you create your Touch ID / Face ID on macOS you can add as many fingers as you want - because the Touch ID is for the USER, not for the key. The key is pairwise to applications and usernames, but it's all the same biometrics regardless. Furthermore:
I don't believe that the silent option will ever be implemented by any OS or browser. I don't believe it's been implemented on any to date.
In general, I think they tried waaaaay to hard to make WebAuthn a standard for every possible biometric scenario that may ever exist in the universe, but I don't believe most of it will ever be implemented. It's too complicated. |
I think I just answered this concern as well as my own: macOS & Brave (Chromium)YubiKey (FIDO2)Huzzah!It appears that they're all pairwise between the Authenticator and Relying Party, and not the So I can't create a key for two different users under the same OS account or the same Device. This is actually really great. That means that as long as So it seems like not only can you have high-entropy It is a little sad that you never get Edit: I may have not hit refresh hard enough when testing. Now it seems that now I can create alternate credentials using the same device with different user ids. |
Okay, I got confused by the documentation at https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions.
Regardless of what the spec says, it seems that the actual behavior is that when I pass in an existing If I don't do that then macOS will REPLACE the existing account, but Brave (Chromium, Chrome?) will create a DUPLICATE identity. |
My experience has been that as long as the This is why my approach is to generate a new |
As for Also, I think that name is terrible, because what that feature is actually doing is excluding an authenticator if that authenticator has a credential matching that ID. It really should be called |
There's actually silent and there's "silent". The latter is technically possibly right now -- you can pass in an already-aborted
Completely agree with that. That's a significant reason why I created WALC. |
As this has become a valuable store of information for posterity, rather than actionable, moving to a discussion. |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Depending on how the credential is created, the
userHandle
shows up in macOS Keychain Access asAccount
without any additional authentication. However,id
is kept invisible.To get the effect of being able to have multiple keys you could use the index as salt to WebCrypto PBKDF2, and then pass that into the box keypair function for the seed.
When stored in macOS Passwords and Passkeys the User Name is public, but to view the info at all requires authentication. I don't know what is visible when the User Name is blank, but my guess would be Display Name. I'll find out later.
id
will also be the same for the given passkey with every use.Some U2F devices (in the vein of FIDO2 YubiKey) may not support
userHandle
, but they will supportid
.publicKey
is only available on registration, and never againsignature
is nonced by ES256 and EDDSA, so the same key and payload yield different sigsThe text was updated successfully, but these errors were encountered: