by crunchatized
2892 days ago
It's not that kind of nonce. It's not even called that formally, it's called the 'signature counter.' It's just a part of the plaintext signed with the keypair. There is zero risk of what you're talking about. And how is it complicated to store a single integer per account and perform a comparison if `counter <= previousValue` at each authentication to see if it's not monotonically increasing? They already store that user's public key and key handle, they can store another 4 bytes. In fact, the WebAuthn spec makes verifying this behavior mandatory. [0]

[0] https://www.w3.org/TR/webauthn/#signature-counter
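The per-account counter comparison described in the comment above, sketched as an added example that is not part of the original comment. The function names and sample bytes are constructed for illustration, and the code assumes the assertion signature over the authenticator data has already been verified.

```python
import hashlib
import struct


class CounterRegression(Exception):
    """Signature counter did not increase: possible cloned authenticator."""


def parse_sign_count(auth_data: bytes) -> int:
    # WebAuthn authenticator data layout:
    #   rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian) | ...
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    return struct.unpack(">I", auth_data[33:37])[0]


def check_signature_counter(auth_data: bytes, stored_count: int) -> int:
    """Return the counter value to store for this credential.

    Assumption: the caller has already verified the assertion signature, so
    the counter inside auth_data is covered by the credential's key pair.
    """
    received = parse_sign_count(auth_data)
    if received == 0 and stored_count == 0:
        # Authenticator does not implement a counter; nothing to compare.
        return 0
    if received <= stored_count:
        # The `counter <= previousValue` case: not monotonically increasing.
        raise CounterRegression(f"received {received}, stored {stored_count}")
    return received


def make_auth_data(counter: int, rp_id: str = "example.com") -> bytes:
    # Constructed sample authenticator data: user-present flag (0x01) only.
    return hashlib.sha256(rp_id.encode()).digest() + b"\x01" + struct.pack(">I", counter)


if __name__ == "__main__":
    stored = 41  # constructed per-account value, kept beside the public key
    stored = check_signature_counter(make_auth_data(42), stored)
    print("accepted, stored counter is now", stored)
    try:
        check_signature_counter(make_auth_data(42), stored)  # same counter again
    except CounterRegression as exc:
        print("rejected:", exc)
```
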