What is the purpose of the challenge that the relying party sends in WebAuthn, and how does it relate to challenge-response authentication?
The challenge is a fresh random value the authenticator must sign; signing it proves possession of the private key right now and blocks replay attacks.
This is classic challenge-response authentication:
- The server (relying party) issues a random, single-use challenge.
- The authenticator signs it with the private key.
- The server verifies the signature with the stored public key.
Because the challenge is new and unpredictable every time, a captured response (signature) is worthless later — it only matches that one challenge. This defeats replay attacks, where an attacker resends previously sniffed authentication data.
The challenge's role is the same at registration and login — prove live possession of the key and prevent replay. The difference: at registration the key is brand new (the server has no public key yet and learns it now); at login the server already has the public key and uses it to verify.
Tip: "Challenge-response" beats "send your secret": you never transmit the secret itself, only fresh proof that you hold it.
Go deeper:
Challenge–response authentication (Wikipedia) — why a fresh random challenge (nonce) defeats replay attacks.