From: Zbigniew Jędrzejewski-Szmek Date: Mon, 5 Oct 2020 12:11:02 +0000 (+0200) Subject: man: reword of fido2 key derivation X-Git-Tag: v246.7~141 X-Git-Url: http://git-history.diyao.me/?a=commitdiff_plain;h=2e77eda39a693a928398236b79cccd5b42750965;p=systemd%2F.git man: reword of fido2 key derivation "keyed by" is indeed a bit jargony. Say " a HMAC hash of the salt combined with an internal secret key" instead. For #17177. (cherry picked from commit e0c60bf6a0065ba447b50fcb1bb171725e8bd00d) --- diff --git a/man/homectl.xml b/man/homectl.xml index 78b36062ef..0886f5acf6 100644 --- a/man/homectl.xml +++ b/man/homectl.xml @@ -355,11 +355,11 @@ Takes a path to a Linux hidraw device (e.g. /dev/hidraw1), referring to a FIDO2 security token implementing the - hmac-secret extension, that shall be able to unlock the user account. If used, a - random salt value is generated on the host, which is passed to the FIDO2 device, which calculates a - HMAC hash of it, keyed by its internal secret key. The result is then used as key for unlocking the - user account. The random salt is included in the user record, so that whenever authentication is - needed it can be passed again to the FIDO2 token, to retrieve the actual key. + hmac-secret extension that shall be able to unlock the user account. A random salt + value is generated on the host and passed to the FIDO2 device, which calculates a HMAC hash of the + salt combined with an internal secret key. The result is then used as the key to unlock the user + account. The random salt is included in the user record, so that whenever authentication is needed it + can be passed again to the FIDO2 token again. Instead of a valid path to a FIDO2 hidraw device the special strings list and auto may be specified. If list is
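Review bot: The last added sentence of the hunk reads "can be passed again to the FIDO2 token again", which repeats "again", and the rewrite drops the removed clause "to retrieve the actual key", so the paragraph no longer says why the salt is kept in the user record. Suggest ending it with "it can be passed to the FIDO2 token again to retrieve the key". Separately, the added wording "a HMAC hash of the salt combined with an internal secret key" can be read as hashing the salt concatenated with the key, rather than an HMAC over the salt that uses the token's internal secret as the HMAC key, which is what the removed "keyed by its internal secret key" said. Something like "an HMAC of the salt, computed with its internal secret key" avoids the jargon without losing that distinction.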