duo-labs / py_webauthn

Pythonic WebAuthn 🐍
https://duo-labs.github.io/py_webauthn
BSD 3-Clause "New" or "Revised" License

COSE_ALG_RS256 Deprecated #42

Closed djsan15 closed 5 years ago

djsan15 commented 5 years ago

I was just going through the WebAuthnMakeCredentialOptions.registration_dict and saw COSE_ALG_RS256 (-257) being used as the second priority for pubKeyCredParams. According to the "IANA COSE Algorithms" specification, this algorithm has been deprecated. Am I missing something over here or is this actually being used?

nickmooney commented 5 years ago

I believe RS256 is included to support Windows Hello. I can't really comment on its deprecation in the COSE registry (though my best guess is that it's due to its vulnerability to padding oracle attacks), but I know that it is actively in use by Windows Hello, and as a result needs to be supported in py_webauthn.

nickmooney commented 5 years ago

Actually, ignore the bit about padding oracles -- that applies to RSA encryption rather than signing. PKCS1v15 (which is the padding scheme used with RS256) is still somewhat notorious for being easy to mess up (see Filippo Valsorda's post about a variant of the Bleichenbacher attack he found in a Python RSA library).

That said, "deprecated" doesn't mean "unsafe to use" -- it's really up to Microsoft to decide if they want to move away from using RS256 for WebAuthn signatures.
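
Added example (not part of the thread and not py_webauthn code): one common way PKCS#1 v1.5 verification goes wrong is parsing the recovered block instead of rebuilding it, so the sketch below puts a strict RS256 check beside a deliberately lenient one. The key is a constructed toy key made from two Mersenne primes so the block runs with the standard library only, and all function names are hypothetical.

```python
import hashlib
import hmac

# Constructed toy key (NOT secure): two Mersenne primes, so this runs offline
# with the standard library only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def digest_info(message):
    return PREFIX + hashlib.sha256(message).digest()


def encode(message):
    """The single valid block: 00 01 FF..FF 00 DigestInfo, exactly K bytes."""
    t = digest_info(message)
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def malformed(message):
    """Short padding plus trailing bytes; made with the private key for the demo."""
    t = digest_info(message)
    return b"\x00\x01" + b"\xff" * 8 + b"\x00" + t + b"\x00" * (K - len(t) - 11)


def sign_block(block):
    """Raw RSA private-key operation on an already encoded block."""
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")


def verify_strict(message, signature):
    """Rebuild the expected block and compare all K bytes in constant time."""
    s = int.from_bytes(signature, "big")
    if len(signature) != K or s >= N:
        return False
    return hmac.compare_digest(pow(s, E, N).to_bytes(K, "big"), encode(message))


def verify_lenient(message, signature):
    """Flawed on purpose: parses the block, ignores padding length and the tail."""
    em = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    t = digest_info(message)
    i = em.find(b"\x00", 2) + 1  # first 00 after the header ends the padding
    return em[:2] == b"\x00\x01" and em[i:i + len(t)] == t
```

In production code, use a maintained library's RSASSA-PKCS1-v1_5 verification rather than a hand-written one; the strict function only shows which property that verification has to enforce.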

djsan15 commented 5 years ago

Oh I see. Yeah then it makes sense. Thanks.