Re: u2f seed


 



On Thu, 2 Jan 2020, Fox, Kevin M wrote:

> In the u2f protocol, my understanding is in the normal case, the web
> browser seeds the keypair process with the hostname of the remote
> server. In the case of ssh, the hostname is probably not what I would
> want to do. But the u2f protocol seems to have a way to handle this.
> It just needs to be exposed to the user. The content of the private
> keyfile in ssh is generated somehow. Where is that done?

The key generation is done solely by the token. There are several
strings (challenge, application) that OpenSSH sends to the token that
are inputs to the process, but I'd expect most tokens would have
onboard CSPRNGs that they use to actually generate the keys.

-d

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


