Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
The flaw was not in a dependency but Trust Wallet's first party code [1]. They decided that Mersenne Twister would be sufficient for generating cryptographically random data and specifically called it "secure" [2]. Very unfortunate.
[1] https://github.com/trustwallet/wallet-core/blob/3.1.0/wasm/s...
It doesn't, at least not for generic/unmodified cryptographic applications.
WebAuthN signatures are of a very specific challenge/response format that applications need to explicitly support. For example, SSH had to add new key and signature formats [1] to support it.
Theoretically, a blockchain/cryptocurrency application could adopt the WebAuthN signature format as its canonical or an alternative signature format, but I'm not aware of any popular one having done so.
[1] https://github.com/openssh/openssh-portable/blob/master/PROT...