On Fri, 2015-07-10 at 13:05 -0400, Drew Erny wrote:
> Hi, All,
> I think some of you discussed with me the details of the community 
> portal captcha with me on IRC. Yesterday, I wrote up a design proposal 
> for the captcha system that I'd like some of you to take a look at and 
> check to see that I'm understanding it correctly, and that this captcha 
> method is secure.
> http://www.freeipa.org/page/V4/Community_Portal_Captcha

If you are going to use a DB for storing the HMAC signatures, then you
can also store there the key used to generate them IMO. You generate the
key from os.urandom(16) if it is not found (in which case you can also
remove all the HMACs present in the DB as none will validate anymore).


Simo Sorce * Red Hat, Inc * New York

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to