The Cryptography Behind Passkeys
a year ago
- #WebAuthn
- #authentication
- #cryptography
- Passkeys use key pairs for digital signatures to authenticate users without transmitting sensitive information.
- WebAuthn specification enhances passkeys with origin binding to prevent phishing and key reuse across sites.
- Authenticators can be platform-based (e.g., iCloud Keychain) or roaming (e.g., YubiKeys), each with pros and cons.
- Passkeys protect against phishing and data breaches but are vulnerable to browser-based attacks and compromised authenticators.
- WebAuthn extensions like 'prf' and 'largeBlob' enable cryptographic functionalities such as HMAC-SHA-256 and secure data storage.
- Developers should implement account recovery mechanisms and consider passkeys within broader threat models.
- Future WebAuthn extensions may include advanced cryptographic primitives and monotonic counters for enhanced security.