by furicane 2776 days ago
U2F isn't as trivial to implement as RFC4226 OTP. It takes effort. Implementing the counter check is trivial. Disregarding the counter and stating "that only enables replays" is absolutely unacceptable. If one is so irresponsible to the point they're enabling a replay attack - then there's no excuse and no valid argument to support the use of U2F at all. If you (not YOU, personally) can't implement the protocol fully, don't half-ass it and plant mines. That's my take on it, and anyone who implements this protocol to secure people's accounts MUST (not SHOULD) think the same. There is NO excuse for deliberate irresponsibility.
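The counter check the comment calls trivial, written out as an added example (this is not the commenter's code or any real U2F library). It parses the signatureData of a U2F authentication response per the FIDO U2F raw message format, rebuilds the bytes the token signed, verifies the signature, and only then requires the counter to be strictly greater than the last value stored for that key handle, locking the key when it is not. The `RelyingParty` class, the `demo_*` helpers and the hashlib-based stand-in for ECDSA P-256 verification are assumptions made so the example runs on the standard library alone; a real relying party plugs in actual ECDSA verification against the public key from registration.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

# Layout of the "signatureData" field of a U2F authentication response
# (FIDO U2F Raw Message Formats):
#   byte 0      user presence flags; bit 0 set means the user touched the token
#   bytes 1..4  counter, unsigned 32-bit big-endian, incremented by the token per signature
#   bytes 5..   DER-encoded ECDSA P-256 signature over
#               applicationParameter || flags || counter || challengeParameter


class AuthError(Exception):
    """Response rejected for a reason other than the counter."""


class ReplayDetected(AuthError):
    """Counter did not advance: replayed response or cloned token."""


@dataclass
class RegisteredKey:
    public_key: bytes       # 65-byte uncompressed P-256 point from registration
    last_counter: int = 0   # nothing seen yet; first valid response must report > 0
    locked: bool = False    # set once a replay/clone is detected; user must re-register


def parse_signature_data(sig_data: bytes) -> Tuple[bool, int, bytes]:
    if len(sig_data) < 5:
        raise AuthError("signatureData shorter than flags + counter")
    flags = sig_data[0]
    (counter,) = struct.unpack(">I", sig_data[1:5])
    return bool(flags & 0x01), counter, sig_data[5:]


# (public_key, message, signature) -> True if the signature is valid
Verifier = Callable[[bytes, bytes, bytes], bool]


class RelyingParty:
    """Hypothetical relying-party state: one stored counter per key handle."""

    def __init__(self, verify: Verifier) -> None:
        self.verify = verify
        self.keys: Dict[bytes, RegisteredKey] = {}

    def register(self, key_handle: bytes, public_key: bytes) -> None:
        self.keys[key_handle] = RegisteredKey(public_key)

    def authenticate(self, key_handle: bytes, app_param: bytes,
                     challenge_param: bytes, sig_data: bytes) -> int:
        key = self.keys.get(key_handle)
        if key is None or key.locked:
            raise AuthError("unknown or locked key handle")
        user_present, counter, signature = parse_signature_data(sig_data)
        if not user_present:
            raise AuthError("user presence not asserted")
        # The token signed exactly these bytes; flags and counter are covered by
        # the signature, so a forged counter cannot get past this step.
        message = app_param + sig_data[:5] + challenge_param
        if not self.verify(key.public_key, message, signature):
            raise AuthError("bad signature")
        # Counter check, done only after the signature verified so that an
        # unauthenticated request cannot poison the stored value.
        if counter <= key.last_counter:
            key.locked = True
            raise ReplayDetected(f"counter {counter} not above stored {key.last_counter}")
        key.last_counter = counter
        return counter


# --- Constructed demo pieces, not part of the protocol -----------------------
def demo_verify(public_key: bytes, message: bytes, signature: bytes) -> bool:
    # Stand-in for ECDSA P-256 verification so the example needs no third-party
    # library; it only has to be deterministic for the replay to be detectable.
    return signature == hashlib.sha256(public_key + message).digest()


def demo_token_sign(public_key: bytes, app_param: bytes,
                    challenge_param: bytes, counter: int) -> bytes:
    # Simulated token: user-present flag, counter, then the stand-in "signature".
    header = bytes([0x01]) + struct.pack(">I", counter)
    return header + hashlib.sha256(public_key + app_param + header + challenge_param).digest()


def run_demo() -> dict:
    rp = RelyingParty(demo_verify)
    handle, pubkey = b"handle-1", b"\x04" + b"\x11" * 64   # constructed values
    app = hashlib.sha256(b"https://example.test").digest()
    rp.register(handle, pubkey)
    results = {}
    c1 = hashlib.sha256(b"challenge-1").digest()
    resp1 = demo_token_sign(pubkey, app, c1, 7)
    results["first"] = rp.authenticate(handle, app, c1, resp1)
    c2 = hashlib.sha256(b"challenge-2").digest()
    results["second"] = rp.authenticate(handle, app, c2, demo_token_sign(pubkey, app, c2, 8))
    try:
        rp.authenticate(handle, app, c1, resp1)   # identical bytes replayed
        results["replay"] = "accepted"
    except ReplayDetected:
        results["replay"] = "rejected"
    results["locked"] = rp.keys[handle].locked
    return results


if __name__ == "__main__":
    print(run_demo())
```

Two points a practitioner would check before shipping this: the comparison is strictly greater-than, not plus-one, because many tokens keep one global counter across all relying parties and legitimate gaps are normal; and the read-compare-update of `last_counter` must be atomic in the real store (a compare-and-set or row lock), otherwise two concurrent logins with the same response can both pass the check before either writes. The counter is 32-bit, so a token that genuinely wraps looks like a clone; treating that as a lockout and re-registration is the safe side to err on.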