top | item 35805125

(no title)

petedoyle | 2 years ago

> Sure, but if that key derivation function is protected by a "you get 10 attempts then we wipe the keys" safeguard, the effective entropy is much higher.

Thank you. 100% agree.

> Passkeys do not and are not designed to protect against nation-state level attackers

I've been mulling over some use-cases where this is important, hence the deep consideration over entropy. 100% not a huge deal for the passkeys case for many 9's of people.

discuss

No comments yet.