Hello. Just ran into this issue. Would you shortly explain why couldn’t initialization erase everything from the token, including all cryptographic material and authentication configuration? An initialized token would be as good as any other other empty token to an attacker.
Thanks!