Worries Arise About Security of New WebAuthn Protocol - Slashdot


An anonymous reader writes: "A team of security researchers has raised the alarm about some cryptography-related issues with the newly released WebAuthn passwordless authentication protocol," reports ZDNet. "The new WebAuthn protocol will allow users of a device -- such as a computer or a smartphone -- to authenticate on a website using a USB security key, a biometric solution, or his computer or smartphone's password." But researchers say that because WebAuthn uses weak algorithms for the operations of registering a new device, they can pull off some attacks against it.

!Hubzilla Development
I love this quote:

PKCS1v1.5 is bad. The exploits are almost old enough to legally drink alcohol in the United States