2/14/2024 0 Comments Yubikey open source alternativeIf I had to guess, I'd say that there's probably a real-time clock in the device, or that it gets the current time when it interacts with the Ledger Live app, and then the usage counter is updated in that manner to correctly spoof logins. I have no idea how Ledger gets around this. It always has to be greater (by 1 or more than one) than the last successful login. If you cloned a Yubikey and then used the master 10 times, when you went to use the backup it would fail because the usage counter would now be behind the last value seen by the website. One is that there is a counter, typically per device but theoretically it could be per account, that increments each time an action is preformed. The original FIDO U2F has inherent mechanisms to prevent cloning.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |