Got it, given the phrasing there was a concern that there could be a non-standard addition to the contextual string. This works for us and we look forward to PRF landing in Chrome. -NS
On Monday, May 1, 2023 at 4:22:43 PM UTC-4 Adam Langley wrote: On Mon, May 1, 2023 at 12:47 PM Nick Steele <nick....@agilebits.com> wrote: 1 Password is also supportive of this extension being added. Being able to encrypt data alongside a credential would be useful to us and our users. I'd like some clarification on the contextual string being provided for HMAC hashing. What is the expected context input being provided? See https://w3c.github.io/webauthn/#prf-extension: > Let salt1 be the value of SHA-256(UTF8Encode("WebAuthn PRF") || 0x00 || eval <https://w3c.github.io/webauthn/#dom-authenticationextensionsprfinputs-eval> .first <https://w3c.github.io/webauthn/#dom-authenticationextensionsprfvalues-first> ). So any applications with more direct access to security keys have to opt-into being compatible with the Web by picking salts with known pre-images via that function. Existing uses do not get abruptly exposed to the Web via this extension. Cheers AGL -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/06c05e0b-57aa-4c83-8643-cb1775b9d384n%40chromium.org.
