Since U2F is specifically designed for just such a task (KeeChallenge), what's the possibility of this? Does it make sense that this would be the natural evolution of the plugin function? Am I off target?
(To the best of my understanding.) U2F/Fido has a very different use-case from what KeeChallenge is doing. The difference is the logical difference between "authentication" and "encryption".
U2F/Fido is an authentication mechanism only. The remote system (Google or whomever) holds, to oversimplify things, a whitelist of permitted public keys. U2F provides a secure way (based on digital signatures) to verify that the holder of "Key X" is on the other end. But the decision to allow you or deny you access based on that knowledge (authorization) is a decision of the remote machine.
With something like KeePass, there simply isn't a "remote machine" to make those decisions. This makes it a much harder matter. U2F/Fido does not provide any API-available encryption or decryption. Just authentication (signing). I do not believe there will be a way to parlay that into something comparable to what KeeChallenge is doing.
To make things just a little muddier, HMAC-160, which KeeChallenge uses, is effectively a signing method, too. But, it's a far, far more simple one. Because it is so simple, we can pre-calculate a challenge and response (which is what KeeChallenge does). A modern signing method, like U2F uses, will use public/private-key signatures. The U2F device will also embed some random numbers ('nonce') along with the challenge when calculating the signature to make sure it's not repeatable.
Long story short, as awesome as U2F is in its role, this just isn't its role.
Last edit: Thomas Shorock 2015-12-31
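To make the "pre-calculate a challenge and response" point concrete, here is an added illustration (not code from the thread or from the KeeChallenge plugin). It assumes the HMAC slot is HMAC-SHA1 (the 160-bit output referred to above as HMAC-160), uses constructed sample secrets and challenges, and models only the bytes a U2F authenticator signs, per the U2F raw message format, without running the ECDSA signature itself:

```python
import hashlib
import hmac
import struct

# Constructed sample values: a real HMAC secret lives on the token and never leaves it.
HMAC_SECRET = bytes(range(20))                       # 20-byte HMAC-SHA1 slot key
CHALLENGE = bytes.fromhex("00112233445566778899aabbccddeeff")
SALT = b"constructed-salt"


def hmac_sha1_response(secret: bytes, challenge: bytes) -> bytes:
    """Challenge-response as an HMAC-SHA1 slot computes it: same input, same output."""
    return hmac.new(secret, challenge, hashlib.sha1).digest()


def derive_db_key(response: bytes, salt: bytes) -> bytes:
    """Stretch the 20-byte response into key material (KDF choice is illustrative)."""
    return hashlib.pbkdf2_hmac("sha256", response, salt, 10_000)


def hmac_scheme_is_reproducible() -> bool:
    """The host can compute the response once, store only the challenge, and later
    re-derive the identical key from the token: this is what makes encryption possible."""
    first = derive_db_key(hmac_sha1_response(HMAC_SECRET, CHALLENGE), SALT)
    again = derive_db_key(hmac_sha1_response(HMAC_SECRET, CHALLENGE), SALT)
    return first == again


def u2f_signed_message(app_param: bytes, counter: int, challenge_param: bytes) -> bytes:
    """Bytes a U2F authenticator signs with its private key (U2F raw message format):
    application parameter || user-presence byte || 32-bit big-endian counter || challenge parameter.
    The counter increments on every authentication, so the signed input never repeats."""
    return app_param + b"\x01" + struct.pack(">I", counter) + challenge_param


def u2f_scheme_is_reproducible() -> bool:
    """Even with a fixed challenge, consecutive authentications sign different data,
    so the signature (or anything derived from it) cannot serve as a stable decryption key."""
    app_param = hashlib.sha256(b"https://example.invalid").digest()   # constructed app id
    chal_param = hashlib.sha256(CHALLENGE).digest()
    first = u2f_signed_message(app_param, 41, chal_param)
    again = u2f_signed_message(app_param, 42, chal_param)
    return first == again


if __name__ == "__main__":
    print("HMAC-SHA1 reproducible:", hmac_scheme_is_reproducible())   # True
    print("U2F reproducible:", u2f_scheme_is_reproducible())          # False
```

The relying party checks the U2F signature with the stored public key only; nothing in that exchange yields a secret the host can reuse to decrypt a database.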
Maybe answering my own question... U2F doesn't support NFC (yet).
It does since late 2015.
Last edit: Weasel 2015-12-31