#!/bin/sh
## VISUAL TEST CGI THING
## (C) Hal Canary 2005
## This is free software; you can redistribute
## it and modify it under the terms of version
## 2 of the GNU GPL.
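# Generates one PNG per dictionary word, each named "<sha1-hex>.png".
# Scratch file for the word list. mktemp picks an unused name, so an existing
# tempfile.txt in the working directory is never overwritten, and the trap
# removes the file on every exit path.
TEMP=$(mktemp) || exit 1
trap 'rm -f -- "$TEMP"' EXIT
# 'random_word' grabs N random words
# from the dictionary file.
random_word 200 > "$TEMP"
# Split the list on any whitespace, as the unquoted $(cat ...) loop did, but
# without glob-expanding the words.
tr -s '[:space:]' '\n' < "$TEMP" | while IFS= read -r word ; do
  [ -n "$word" ] || continue
  # ImageMagick treats "label:@name" as "read the label text from file name",
  # so a word with a leading '@' is skipped rather than handed to convert.
  case $word in
    @*) continue ;;
  esac
  # Digest of the word plus a trailing newline, the same bytes that
  # `echo word | sha1sum` hashed. A verifier must hash exactly these bytes.
  # Only the hex field is kept, so no later rename pass over *.png is needed
  # to strip the "  -" suffix that sha1sum prints for stdin.
  # NOTE: with no server-side secret mixed in, the file name is a plain SHA-1
  # of a dictionary word, so the name alone identifies the word shown.
  hash=$(printf '%s\n' "$word" | sha1sum | cut -d ' ' -f 1)
  [ -n "$hash" ] || continue
  # remember that some versions of
  # convert are broken.
  convert -background "#d0d0d0" \
    -fill black -pointsize 20 \
    "label:${word}" "${hash}.png" ||
    printf '%s\n' "convert failed for ${hash}.png" >&2
done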
The other side of it will be finished as soon as I get to it. Yes, I know that this one is (quite literally) susceptible to a dictionary attack, since each file name is just the SHA-1 of a word from the dictionary.
UPDATE 4pm: Go here for an example.
I took the output of
$ head -c 160 /dev/random | sha1sum
And used that as my secret
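# Server-side secret appended to every word before hashing; the verifier must
# use the same value. The author states that the value printed here is not the
# real one. Keep the live value out of published code.
SECRET=40104b46139b634cb444bd555056f2c9e7c5e2ea
# printf '%s%s' writes the bytes with no trailing newline under any sh, whereas
# the behaviour of `echo -n` is implementation-defined under #!/bin/sh. Only
# the hex field of sha1sum's output is kept, so the result can be used directly
# as "<hash>.png".
hash=$(printf '%s%s' "${word}" "${SECRET}" | sha1sum | cut -d ' ' -f 1) ;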
My PHP processing uses this code:
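// Shared secret; must be the same value the image generator appended to each
// word. The author states that the value printed here is not the real one.
// A live value belongs in configuration outside the web root.
$secret = "40104b46139b634cb444bd555056f2c9e7c5e2ea";
// Both fields are client-supplied: a missing or non-string value fails the test.
$word = isset($_POST['visual-test-word']) ? $_POST['visual-test-word'] : null;
$name = isset($_POST['visual-test-hash']) ? $_POST['visual-test-hash'] : null;
// Strict === compares the two values as strings; loose == compares numeric
// strings as numbers. Straight ASCII quotes replace the typographic quotes,
// which PHP does not accept as string delimiters.
// NOTE(review): nothing visible here marks a word/hash pair as used, so a pair
// stays valid for as long as the secret is unchanged. Consider a per-request
// nonce or expiry.
if (is_string($word) && is_string($name)
    && sha1($word . $secret) . ".png" === $name) {
    /*DO SOMETHING*/
} else { /*FAIL*/ }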
Of course, I lie about the actual secret code.