Closed janniks closed 4 years ago
U2F doesnt have a timer just a counter and upon install the counter apparently is set to unixtime, which is probably very hard to beat although depending on the language it might trigger the year 2038 problem.
The counter is indeed set to unixtime at install since last app update, so there should be no more reinstall issue.
According to ledger's fido-u2f support page when the app is deleted or the device is reset/recovered, a timer/counter used in some versions of U2F, is lost. This makes ledger a dangerous U2F device, if users rely only on their ledger.
Other hardware wallets have a recovery mechanism that restores the counter value automatically (trezor since firmware 1.4.2). Please add this to the ledger app as well. 😊
If it helps the trezor u2f app is open-source, as is their entire firmware: https://github.com/trezor/trezor-mcu/tree/master/firmware/u2f