Rafert | 1 year ago

The counter can always be 0, which is what cloud synced passkeys are doing IIRC.

dathinab|1 year ago

The problem starts earlier with the secret key, which you can't place "into" a TKey. You can deterministically derive one between the TKey and a server using something like a (semi) static DH, but that isn't how it is implemented in general.

cuu508|1 year ago

I understand that the ability to place stuff "into" a TKey would be needed to support discoverable WebAuthn credentials ("passkeys"). But would it also be needed for non-discoverable credentials?

woodruffw|1 year ago

Huh yeah, I hadn't considered how they got around that. I suppose in that case this key could do something similar?