-
Notifications
You must be signed in to change notification settings - Fork 96
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set User Handle to a salted hash or random #21
Labels
enhancement
New feature or request
Comments
Yes, you are right.
|
I realized that there might be a lot of parts that need to be fixed to provide random values. I think we might have to find another way. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The current User Handle (a.k.a user ID) is a hash of the user name.
line-fido2-server/rpserver/src/main/java/com/linecorp/line/auth/fido/fido2/rpserver/controller/CredentialController.java
Line 147 in 22d5aa9
The documentation appears to recommend it with salted hash or random, so should we change that?
https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-user-handle-privacy
The text was updated successfully, but these errors were encountered: