|
|
|
|
|
|
by crunchatized
2888 days ago
|
|
|
Nothing mandates it. In fact, it's specifically discouraged in the WebAuthn spec: > Authenticators may implement a global signature counter, i.e., on a per-authenticator basis, but this is less privacy-friendly for users. Since you can have multiple keys on the same site, you could go one better, and have a per-key offset. When the key is rederived from the one-time nonce sent from the server, you'd also derive a 16-bit number to add to the 32-bit global counter. But even that wouldn't actually be enough to make correlating them impossible. A large but finite set of independent global counters is a great idea, though. 256 32-bit integers is just 1 KiB of storage. |
|
|