To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/bf80e84d-2279-dde2-e217-7158260b224b%40strongkey.com.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CAKWzpDvGTPzaqeVeqMpVuS8yqL%2BcE451Ykq%3DW_3JQhvKdh8igA%40mail.gmail.com.
The wording is probably not precise enough.
In order to prevent replay attacks, the challenges MUST contain enough entropy to make guessing them infeasible. Challenges SHOULD therefore be at least 16 bytes long.
It should be read as “Challenges MUST contains at least 128 bits of entropy”, which in practical terms requires to generate 16 bytes from a cryptographically secure random number generator.
The challenge is indeed hashed, with the client data, before being sent to the authenticator.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CACHSkNohnCKc61SiW-om3iRr-reXnW%2B7x3moLkEyTc%3DkEpz%2BYg%40mail.gmail.com.
Thanks all, for clarifying that the challenge had to be hashed by the platform (browser) before going into the authenticator - sometimes, one gets so deep into the "FIDO woods" that one forgets to see the trees.