On Fri, 2015-07-10 at 13:05 -0400, Drew Erny wrote:
> Hi, All,
> 
> I think some of you discussed the details of the community 
> portal captcha with me on IRC. Yesterday, I wrote up a design proposal 
> for the captcha system that I'd like some of you to take a look at and 
> check to see that I'm understanding it correctly, and that this captcha 
> method is secure.
> 
> http://www.freeipa.org/page/V4/Community_Portal_Captcha
> 

If you are going to use a DB for storing the HMAC signatures, then you
can also store there the key used to generate them IMO. You generate the
key from os.urandom(16) if it is not found (in which case you can also
remove all the HMACs present in the DB as none will validate anymore).

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
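
The approach suggested in the reply above, sketched as an added example that is not part of the original message or of FreeIPA's code: the HMAC key lives in the same database as the signatures, is created from os.urandom(16) when missing, and creating it purges the stored HMACs. The SQLite backend, the table and column names, HMAC-SHA256, and the challenge bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Hypothetical schema: one single-row key table, one table of issued HMACs.
SCHEMA = """
CREATE TABLE IF NOT EXISTS captcha_key (id INTEGER PRIMARY KEY CHECK (id = 1), key BLOB NOT NULL);
CREATE TABLE IF NOT EXISTS captcha_hmac (sig BLOB PRIMARY KEY);
"""

def load_or_create_key(db):
    """Return the stored key; if none is found, create one and purge old HMACs."""
    db.executescript(SCHEMA)
    row = db.execute("SELECT key FROM captcha_key WHERE id = 1").fetchone()
    if row is not None:
        return row[0]
    key = os.urandom(16)
    with db:  # single transaction: stale signatures out, new key in
        db.execute("DELETE FROM captcha_hmac")
        db.execute("INSERT INTO captcha_key (id, key) VALUES (1, ?)", (key,))
    return key

def issue(db, key, challenge):
    """Sign a challenge and record the signature in the database."""
    sig = hmac.new(key, challenge, hashlib.sha256).digest()
    with db:
        db.execute("INSERT OR IGNORE INTO captcha_hmac (sig) VALUES (?)", (sig,))
    return sig

def verify(db, key, challenge, sig):
    """Accept only a signature that matches the current key and is still stored."""
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        return False
    return db.execute("SELECT 1 FROM captcha_hmac WHERE sig = ?", (sig,)).fetchone() is not None

def demo():
    db = sqlite3.connect(":memory:")
    key = load_or_create_key(db)
    stable = load_or_create_key(db) == key       # second load reuses the stored key
    challenge = b"constructed-challenge"         # constructed sample input
    sig = issue(db, key, challenge)
    ok_before = verify(db, key, challenge, sig)
    with db:                                     # simulate the key going missing
        db.execute("DELETE FROM captcha_key")
    new_key = load_or_create_key(db)             # regenerates the key and purges HMACs
    remaining = db.execute("SELECT COUNT(*) FROM captcha_hmac").fetchone()[0]
    ok_after = verify(db, new_key, challenge, sig)
    return stable, ok_before, remaining, ok_after, len(new_key)
```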
