-
Notifications
You must be signed in to change notification settings - Fork 291
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sometimes, the results of getPhrase and inline are partly inconsistent #81
Comments
Maybe it is because of one of the fonts used here See: |
I want to use session for cookies on the client, and then compare the hash value of the verification code. |
In that case just call doNiceize() before you hash in both generating and checking process and it will result in the same hash However check the possible combinations, if you have 5 characters 36^5 is around 60M, it is not really hard to brute force this hash |
In this way, can the correct capitalization of letters be displayed in the picture? The client enters five letters, the same md5 processing is performed on the client, and then the string value is compared. As for the number of characters you say, if you say too little, then execute 1000 times? Is it okay? |
Actually, injecting a secret salt before hashing is also a solution <?php
$salt = 'SomethingSecret';
$hash = sha1($salt.$phrase); |
Off the topic, how to ensure that the case of the characters in the picture is consistent with the phrase. |
Why sometimes the characters of getPhrase () and the characters in inline () are inconsistent, not all are wrong, but the case of one of the letters is inconsistent.
E.g:
The image base64 from inline () is processed in the browser, and the result displayed is YF7B
But the result of getPhrase () is Yf7B
why? Is it a browser issue or a code design issue?
The text was updated successfully, but these errors were encountered: