Actually for a lot of U2F implementations, I think these might hold up against this attack. Most tokens don't store the site unique key in the token, but wrap this and send to site for storage. When the site doesn't have the wrapped key to give back to you, you could fail that.
-
This Tweet is unavailable.
-
-
This Tweet is unavailable.
-
Replying to @pwnallthethings @Pinboard
See standard at https://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-overview-ps-20141009.html … This was included in threat model. If TLS server and browser support TLS ChannelId extension, there's protection against U2F MITM even in face of valid TLS cert with matching name. See section 6 in detail.
1 reply 1 retweet 2 likes -
This Tweet is unavailable.
-
Replying to @pwnallthethings @Pinboard
In fairness, I believe "not used" is a bit of an exaggeration that I probably encouraged. I think that Chrome implements it, client side. I don't think I've heard of it used server-side.
1 reply 1 retweet 0 likes -
Replying to @mdhardeman @pwnallthethings
So in theory Gmail or Facebook could turn this on and protect users with security keys against the scenario outlined here, without requiring any changes on the user side.
1 reply 0 retweets 0 likes -
This Tweet is unavailable.
-
This Tweet is unavailable.
-
This Tweet is unavailable.
A diabolical browser of my own design, Mr. Stamos. *pulls back velvet cover* BEHOLD!
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.