Nitrokey Fido U2F fails to login in chrome 73

You may be interested to know that Nitrokey Fido U2F fails to login starting with Chrome 73 (now beta). LED is not flashing and the request eventually reaches a timeout.

This is due to a new feature they call WebAuthenticationProxyCryptotoken. One can login only if chrome is run with --disable-features=WebAuthenticationProxyCryptotoken flag.

See 935131 - chromium - An open-source project to help move the web forward. - Monorail for more info.

This issue still persists in 73.0 the official build of chrome (on Windows 10). Your fix should be listed on .

@4mr.minj do you know what WebAuthenticationProxyCryptotoken does? Is this a security relevant feature in the context of the u2f nitrokey? Can I disable it without concerns?

Not really no. My googlefu only lead me as far CryptotokenPrivateCanProxyToWebAuthnFunction function in chromium. This looks like some new input sanitation stuff in the standard:

As far as I can tell the commit has not reached any release branches yet, but their infrastructure is confusing as hell since they switched from google code and I am not one to clone their gigantic repo to check.

It does not seem that important to me, especially since this is a new development. But you are free to read the linked spec documentation in brave forum and tell us :wink:

This should be fixed with a patch since version 74.0.3725.0
Can you retest? It works for me on Linux with Chromium.

Sorry for the long unresponsiveness.


1 Like