From 26193245d4d64a8b039267daf27daee9ec37f363 Mon Sep 17 00:00:00 2001
From: Andrew Kozlik <andrew.kozlik@gmail.com>
Date: Thu, 8 Aug 2019 19:07:45 +0200
Subject: [PATCH] core/webauthn: Generate random part of U2F key handles with
 uniform distribution.

---
 core/src/apps/webauthn/credential.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/src/apps/webauthn/credential.py b/core/src/apps/webauthn/credential.py
index 6dbea2a5e1..c1862ab249 100644
--- a/core/src/apps/webauthn/credential.py
+++ b/core/src/apps/webauthn/credential.py
@@ -220,7 +220,7 @@ class U2fCredential(Credential):
 
     def generate_key_handle(self) -> None:
         # derivation path is m/U2F'/r'/r'/r'/r'/r'/r'/r'/r'
-        path = [HARDENED | random.uniform(0xF0000000) for _ in range(0, 8)]
+        path = [HARDENED | random.uniform(0x80000000) for _ in range(0, 8)]
         nodepath = [_U2F_KEY_PATH] + path
 
         # prepare signing key from random path, compute decompressed public key