A number of things. The key is stored on a separate coprocessor from the CPU, so the CPU doesn’t even know the private key. That takes its own protocol, over either i2c or usb. Then the browser has to coordinate that protocol to communicate with the web protocol from the frontend JS. There’s also the concept of server verification as well, so it’s a more complicated handshake than just one signature going one way. Then, of course, there’s the inherent complexity of public key cryptography in general, but you only need to worry about that if you’re writing it from scratch with no library.
From a basic web dev perspective, it’s not much more complex than a password, but that’s because the complexity of the protocols is hidden behind the libraries. A password actually isn’t complex, even when you remove the libraries.
hperrin@lemmy.ca 4 months ago
Here, these specs are what they’re based on:
passkeys.dev/docs/reference/specs/
EncryptKeeper@lemmy.world 4 months ago
Right but what about it do you think is complex?
hperrin@lemmy.ca 4 months ago
A number of things. The key is stored on a separate coprocessor from the CPU, so the CPU doesn’t even know the private key. That takes its own protocol, over either i2c or usb. Then the browser has to coordinate that protocol to communicate with the web protocol from the frontend JS. There’s also the concept of server verification as well, so it’s a more complicated handshake than just one signature going one way. Then, of course, there’s the inherent complexity of public key cryptography in general, but you only need to worry about that if you’re writing it from scratch with no library.
From a basic web dev perspective, it’s not much more complex than a password, but that’s because the complexity of the protocols is hidden behind the libraries. A password actually isn’t complex, even when you remove the libraries.