by coppsilgold
166 days ago
Ultimately what he is suggesting to do is to bind a string of entropy to a website through facilitation of the browser and a Passkey. A cryptographic seed is one of the most sensitive things. And here you choose to expose it to a website (even though it was specifically generated for that website). This is not something you do for authentication. The only reason to do this is to have JavaScript/Wasm on a website perform sensitive cryptographic operations for you. You should never be doing this. Applications such as password managers can already integrate entropy from a passkey to encrypt their databases using the Challenge-Response protocol: https://docs.yubico.com/yesdk/users-manual/application-otp/c...
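The challenge-response pattern the comment refers to, as an added sketch that is not part of the original comment or of Yubico's SDK: a simulated token keeps its HMAC-SHA1 secret internal and the application only ever sees the response to a stored challenge. `SimulatedToken`, `derive_db_key`, the PBKDF2 parameters and the way the response is mixed with the password are assumptions made for illustration.

```python
import hashlib
import hmac
import os


class SimulatedToken:
    """Stand-in for a hardware key's HMAC-SHA1 challenge-response slot.
    The 20-byte secret is programmed once and is never returned to the caller."""

    def __init__(self, secret: bytes):
        if len(secret) != 20:
            raise ValueError("HMAC-SHA1 slot secret must be 20 bytes")
        self.__secret = secret

    def respond(self, challenge: bytes) -> bytes:
        if not 1 <= len(challenge) <= 64:
            raise ValueError("challenge must be 1..64 bytes")
        return hmac.new(self.__secret, challenge, hashlib.sha1).digest()


def derive_db_key(password: str, salt: bytes, challenge: bytes,
                  token: SimulatedToken) -> bytes:
    """Derive a 32-byte database key from the password and the token response.
    Assumed scheme: PBKDF2 over the password, then HMAC-SHA256 keyed with that
    result over the token's response. Salt and challenge are stored in the
    database header in the clear; neither is secret."""
    pw_key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    response = token.respond(challenge)
    return hmac.new(pw_key, response, hashlib.sha256).digest()


def demo() -> dict:
    """Constructed sample values: random salt, challenge and token secrets."""
    salt, challenge = os.urandom(16), os.urandom(32)
    token = SimulatedToken(os.urandom(20))
    other = SimulatedToken(os.urandom(20))
    key = derive_db_key("correct horse", salt, challenge, token)
    return {
        "reopen_ok": key == derive_db_key("correct horse", salt, challenge, token),
        "wrong_token": key == derive_db_key("correct horse", salt, challenge, other),
        "wrong_password": key == derive_db_key("wrong", salt, challenge, token),
        "new_challenge": key == derive_db_key("correct horse", salt, os.urandom(32), token),
    }


if __name__ == "__main__":
    print(demo())
```

The application handles only the challenge and the 20-byte response, so the token's secret is never exposed to the software using it.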