Today I finally sat down to learn how #FIDO#U2F keys support an "unlimited" number of websites on a single token, without compromising privacy, and without running out of memory on the token.
Reusing the same public/private keypair would allow websites to track tokens. So, the token generates a new keypair on each registration. But where is it stored?
With the website! The token encrypts the private key with a token-specific secret and receives it back from the website on each login request.
