FIDO Conformance V1.7.4 | CTAP 2.0 | Ext: Hmac Secret error


추준엽

Oct 6, 2022, 5:47:43 AM
to FIDO Dev (fido-dev)
Hello,
I was testing an authenticator (CTAP 2.0).
I use FIDO Conformance Test Tool Version 1.7.4.
There seems to be a problem in the test chapter (Ext: Hmac Secret (P-4)).

ff음.png

I don't understand why "uvSalt1Hmac" and "nonUvSalt1Hmac" shouldn't be the same.
And the order of "salt1", "salt2" of P-3 and P-4 is different in the script. Is this right?
ff음.png


nuno sung

Oct 6, 2022, 8:15:11 AM
to FIDO Dev (fido-dev), choo...@seowoosnc.com
It's a security enhancement on the hmac-secret extension since ctap2.1_pre or ctap2.1.
The authenticator chooses which CredRandom to use for the next step based on whether user verification was done or not in the above steps.
I don't think you should keep this old behavior of ctap2.0 on this extension, especially as it's related to security.

And for the P-3/P-4 test item, I don't think the test data are relative.

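The CredRandom selection described in the reply above, as an added example that is not part of the thread or of the conformance tool's script. It shows why "uvSalt1Hmac" and "nonUvSalt1Hmac" differ on an authenticator that keeps two per-credential secrets, and match on one that keeps a single secret. The class and function names are hypothetical, the salt is constructed, and the salts are assumed to be already decrypted (key agreement, saltEnc decryption and the saltAuth check are left out).

```python
import hashlib
import hmac
import os


class Credential:
    """Per-credential hmac-secret state held inside the authenticator (hypothetical model)."""

    def __init__(self, separate_uv_secret=True):
        # CTAP 2.1 behaviour: two independent 32-byte secrets per credential.
        self.cred_random_with_uv = os.urandom(32)
        # separate_uv_secret=False models the older CTAP 2.0 behaviour:
        # one secret is used whether or not user verification happened.
        self.cred_random_without_uv = (
            os.urandom(32) if separate_uv_secret else self.cred_random_with_uv
        )


def hmac_secret_outputs(cred, salts, uv_performed):
    """Return [output1] or [output1, output2] for salt1 or salt1 || salt2."""
    if len(salts) not in (32, 64):
        raise ValueError("expected salt1 (32 bytes) or salt1 || salt2 (64 bytes)")
    # The authenticator picks the secret from the UV state of this assertion.
    cred_random = (
        cred.cred_random_with_uv if uv_performed else cred.cred_random_without_uv
    )
    # Each output is HMAC-SHA-256 keyed with the chosen CredRandom over one salt.
    return [
        hmac.new(cred_random, salts[i:i + 32], hashlib.sha256).digest()
        for i in range(0, len(salts), 32)
    ]


def uv_and_non_uv_outputs_match(cred, salt1):
    """True when the same salt gives the same output with and without UV."""
    uv_salt1_hmac = hmac_secret_outputs(cred, salt1, uv_performed=True)[0]
    non_uv_salt1_hmac = hmac_secret_outputs(cred, salt1, uv_performed=False)[0]
    return hmac.compare_digest(uv_salt1_hmac, non_uv_salt1_hmac)


if __name__ == "__main__":
    salt1 = hashlib.sha256(b"constructed salt1").digest()  # constructed sample salt
    print("two secrets, outputs match:", uv_and_non_uv_outputs_match(Credential(True), salt1))
    print("one secret, outputs match:", uv_and_non_uv_outputs_match(Credential(False), salt1))
```
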