All Questions
9 questions
1 vote, 0 answers, 1k views
Reading SSH private key physically stored on yubikey to remote into external PC
I was wondering if it's possible to only store and read an SSH private key on a yubikey and not read the private key the yubikey generated from a client computer?
Currently the only way it seems to ...
3 votes, 1 answer, 814 views
Is FIDO2 authentication vulnerable to a social engineering replay attack?
I'm starting to learn about the FIDO2 standard, and I'm wondering if this scenario is possible...
Victim visits a credential harvesting page and enters their credentials
Credential harvesting backend ...
1 vote, 1 answer, 396 views
Why isn't U2F's CTAP protocol forwards-compatible with FIDO2's CTAP protocol?
I've been trying to find the major differences between "U2F" versus "FIDO2" two-factor authentication standards. Reading some of the articles posted by different companies and even ...
2 votes, 1 answer, 3k views
Implementing FIDO2 (WebAuthN) in Native iOS
I am currently investigating the idea of implementing FIDO2 (WebAuthN) support in native iOS using Swift. I understand that there is no FIDO2 support in native iOS, and only available through Safari ...
1 vote, 1 answer, 360 views
FIDO2 - Where do Android and IOS platform authenticators store private key credentials?
I'm new to FIDO2 specification.
I'm aware that Android and IOS devices support FIDO2 protocols (even Android phones could act as a physical key for FIDO2 authentication).
However, could anyone let me ...
1 vote, 0 answers, 126 views
WebAuthn Variation with non-connect dongle Authenticator
As I read through the WebAuthn / FIDO2 documentation, it appears the authentication is done on the local device to create an attestation to the FIDO server. This future implies the "biometrics" or ...
6 votes, 2 answers, 322 views
Does injecting my own key material into the authenticator undermine authenticator's attestation?
I'd like to be able to inject my own key material in the FIDO2 authenticator; at the very least it will remove the need to trust the vendor (because we have no guarantee whether the vendor keeps ...
18 votes, 1 answer, 7k views
FIDO and FIDO2 differences
I've been reading both FIDO and FIDO2 specs for a while trying to understand the similarities and differences between both. Here is how I broke it down so far:
FIDO: First iteration in creating a ...
1 vote, 0 answers, 179 views
Practicality of Direct Anonymous Attestation [closed]
DAA (Direct Anonymous Attestation) is not the only scheme to achieve anonymous attestation. In general, these schemes allow an entity to stay anonymous throughout the attestation process. The concern ...