Nitrokey Fido U2F fails to login in chrome 73


#1

You may be interested to know that Nitrokey Fido U2F fails to login starting with Chrome 73 (now beta). LED is not flashing and the request eventually reaches a timeout.

This is due to a new feature they call WebAuthenticationProxyCryptotoken. One can login only if chrome is run with --disable-features=WebAuthenticationProxyCryptotoken flag.

See https://bugs.chromium.org/p/chromium/issues/detail?id=935131 for more info.


#2

This issue still persists in 73.0 the official build of chrome (on Windows 10). Your fix should be listed on https://www.nitrokey.com/documentation/installation#p:nitrokey-fido-u2f&os:windows .

@4mr.minj do you know what WebAuthenticationProxyCryptotoken does? Is this a security relevant feature in the context of the u2f nitrokey? Can I disable it without concerns?


#3

Not really no. My googlefu only lead me as far CryptotokenPrivateCanProxyToWebAuthnFunction function in chromium. This looks like some new input sanitation stuff in the standard: https://community.brave.com/t/yubikey-fails-after-update/44807/2

As far as I can tell the commit has not reached any release branches yet, but their infrastructure is confusing as hell since they switched from google code and I am not one to clone their gigantic repo to check.

It does not seem that important to me, especially since this is a new development. But you are free to read the linked spec documentation in brave forum and tell us :wink:


#4

This should be fixed with a patch since version 74.0.3725.0
Can you retest? It works for me on Linux with Chromium.

Sorry for the long unresponsiveness.


#5

Confirmed