by tialaramex 1963 days ago
Now I feel terrible, because I think this was incorrect due to an embarrassing error and yet it has 5 upvotes which suggests several HN readers thought it was helpful :(

During another activity I was talking to somebody about this test, and when I visualised it in my head I realised that even though I was talking about testing my "Security Key 2" I had actually tested a much simpler/cheaper Feitian-based U2F authenticator I own because it was in my pocket and I just instinctively use the one I'm carrying for FIDO authentication.

Unsurprisingly this cheaper device doesn't do hmac-secret.

However I have now fetched my actual genuine Yubico Security 2 and re-tested that, and it does have hmac-secret despite Yubico's own site seeming to suggest otherwise.

The chances anybody is reading this for any reason other than to point out I was wrong are small, but just in case this is found by somebody's later Google search here it is.

Here's some example output from Yubico's example app (the secrets here are random and worthless):

New credential created, with the HmacSecret extension.
Authenticate with salt: b'21cef9e80517c7527ddaea4229ea36c675c539da7f98ecf3878dfc026caf4a6d'