Firstyear
> It _could_ be a spec concern, if the spec were to say that a client MUST NOT filter out extensions it does not recognise. Of course it doesn't say...
The PRF needs to change if UV is or is not present, so that an attacker with physical access to the key can request UV=false, and then get the PRF...
Interesting - I spent hours searching, and reading podman man pages and never found a single reference to this. Perhaps this can be considered as a bug to improve visibility...
That will teach me for submitting a PR in a hurry on a busy day :)
@BlackDex Yeah, I think I need to just clean this up a bit: We have all your V3 -> V5 credentials moving to backup_eligible == true. This means during authentication...
> @Firstyear Would this PR mean my Voodoo checks in the commit [dani-garcia/vaultwarden@df783fc](https://github.com/dani-garcia/vaultwarden/commit/df783fc3b698ff140f00afa3869627133339e8ff) would be no longer needed?

Hopefully yes :)
@BlackDex Can you confirm if this updated PR resolves your issue without the need for all your checks? If it does, I'll do a release so you can use the...
That sucks :( I see you have merged a separate PR so in this case, do you want me to just close this one since you have a workaround?...
Correct, in this case it doesn't really affect your security stance. Realistically, given how the passkey ecosystem has moved, flags like backup eligibility and such don't matter, as the only...