- Jun 22, 2017
-
-
Dmitry Chestnykh authored
Contributed by email.
-
- Jul 28, 2015
-
-
Yusheng authored
-
- May 12, 2014
-
-
Dmitry Chestnykh authored
WARNING: introduces API incompatibility! This package generates captcha representations on-the-fly; for instance, if captcha solution was "123456", every call to NewImage() using this sequence of digits would generate a different random image containing "123456"; similarly, NewAudio() would generate a different audio pronouncing the same sequence: 1, 2, 3, 4, 5, 6. If a user, instead of storing generated outputs, exposes this functionality from their server, which is the default and recommended behaviour, an attacker could try loading the same image or audio over and over again in attempt to arrive at the most correct optical/voice recognition result. Instead of using a global non-deterministic pseudorandom number generator to distort images and audio, this commit introduces a deterministic PRNG for each image/audio. This PRNG uses a combination of a global secret key (generated once during initialization from a system CSPRNG) and captcha id and solution to produce pseudorandom numbers for each representation deterministically. Thus, calling NewImage() with the same captcha id and solution at different times will result in the same image (ditto for NewAudio). To make results unique not only for different solutions, but also for ids, these incompatible changes to public API have been introduced: NewImage and NewAudio changed from: func NewImage(digits []byte, width, height int) *Image func NewAudio(digits []byte, lang string) *Audio to: func NewImage(id string, digits []byte, width, height int) *Image func NewAudio(id string, digits []byte, lang string) *Audio That is, they now accept an additional captcha `id` argument. No other interfaces changed. Described changes also improved performance of generating captchas.
-
- Dec 11, 2013
-
-
Michael Gehring authored
-
- Dec 03, 2013
-
-
Dmitry Chestnykh authored
Instead of writing directly via png.Encode, encode image into a buffer first, then write the whole buffer. ~~~ This commit is brought to you by: http://blog.oleganza.com Must-have source of knowledge about Bitcoin. ~~~ (Sponsor my commits! https://github.com/dchest/commit-ads)
-
- Mar 11, 2012
-
-
Dmitry Chestnykh authored
-
Dmitry Chestnykh authored
-
- Jan 16, 2012
-
-
Dmitry Chestnykh authored
-
- Jun 29, 2011
-
-
Dmitry Chestnykh authored
-
- May 11, 2011
-
-
Dmitry Chestnykh authored
-
- Apr 28, 2011
-
-
Dmitry Chestnykh authored
Captcha ids are now 20 characters long.
-
- Apr 27, 2011
-
-
Dmitry Chestnykh authored
-
Dmitry Chestnykh authored
-
Dmitry Chestnykh authored
-
Dmitry Chestnykh authored
Garbage collection is an internal detail of a Store, and requiring to export this method seem to be not very useful. The default memory store, of course, still has garbage collection, but it's not the unexported method, called in Set as usual.
-
Dmitry Chestnykh authored
-
Dmitry Chestnykh authored
-
- Apr 26, 2011
-
-
Dmitry Chestnykh authored
-
Dmitry Chestnykh authored
-
Dmitry Chestnykh authored
-
Dmitry Chestnykh authored
-
Dmitry Chestnykh authored
-