Daniel Stiner
Daniel Stiner
Currently we store keys in the user's keychain, or if that's not available just in a file in their home directory. This is sufficient for many use cases, such as...
A number of good ideas in: http://0pointer.net/public/systemd-nluug-2014.pdf Should be as simple as trying each mitigation and see which can be enabled without breaking anything. Possibly more in the following presentation:...
There have been a few bug reports that seem to stem from the uhid kernel module not being loaded. Sometimes this is because the kernel does not support it at...
Existing libraries that may be useful: - https://github.com/mozilla/authenticator-rs - https://github.com/google/u2f-ref-code
OpenSSL works but is an extra dependency and has had vulnerabilities in the past. It should be possible to port to the ring crate: https://github.com/briansmith/ring
Re-registering with the same site should reset the authentication counter to zero. However this is lowpri as it has little functional impact. Starting at a non-zero number is still within...
Currently we use a `udev` to grant access to the currently logged in user, but this has poor behavior when multiple users are logged in at once. For example the...