From 2e77eda39a693a928398236b79cccd5b42750965 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 5 Oct 2020 14:11:02 +0200 Subject: [PATCH] man: reword of fido2 key derivation "keyed by" is indeed a bit jargony. Say " a HMAC hash of the salt combined with an internal secret key" instead. For #17177. (cherry picked from commit e0c60bf6a0065ba447b50fcb1bb171725e8bd00d) --- man/homectl.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/man/homectl.xml b/man/homectl.xml index 78b36062ef..0886f5acf6 100644 --- a/man/homectl.xml +++ b/man/homectl.xml @@ -355,11 +355,11 @@ Takes a path to a Linux hidraw device (e.g. /dev/hidraw1), referring to a FIDO2 security token implementing the - hmac-secret extension, that shall be able to unlock the user account. If used, a - random salt value is generated on the host, which is passed to the FIDO2 device, which calculates a - HMAC hash of it, keyed by its internal secret key. The result is then used as key for unlocking the - user account. The random salt is included in the user record, so that whenever authentication is - needed it can be passed again to the FIDO2 token, to retrieve the actual key. + hmac-secret extension that shall be able to unlock the user account. A random salt + value is generated on the host and passed to the FIDO2 device, which calculates a HMAC hash of the + salt combined with an internal secret key. The result is then used as the key to unlock the user + account. The random salt is included in the user record, so that whenever authentication is needed it + can be passed again to the FIDO2 token again. Instead of a valid path to a FIDO2 hidraw device the special strings list and auto may be specified. If list is -- 2.25.1
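Review bot: The last added line of the hunk ends "can be passed again to the FIDO2 token again.", with "again" doubled; drop one of the two. The same sentence also lost the old trailing clause "to retrieve the actual key", so the text no longer says why the salt is sent to the token at authentication time; consider keeping it, e.g. "can be passed to the FIDO2 token again, to retrieve the actual key". In the added lines above it, "a HMAC hash of the salt combined with an internal secret key" can be read as hashing the salt and key joined together rather than an HMAC over the salt that uses the token's secret as its key; a wording that keeps the key's role explicit would avoid that reading, and "an HMAC" is the usual article.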