HackerTrans
トップ新着トレンドコメント過去質問紹介求人

Hyulet

no profile record

コメント

Hyulet
·5 年前·議論
The guy edited his comment:

> EDIT: On second thought, I will not and just leave it at that. It seems the internet is fed on outrage and must interpret every intent as malicious.

Yes, I'm sure this is not malicious at all:

> Upon further investigation, it became clear that Wenzheng Tang is a Chinese national, but not resident in China. As a guest in his current country, his residency status is predicated on a number of conditions, one of which is not violating the law.

> If found in violation of laws, residency may be revoked and he may be deported to his home country.

> This becomes even further complicated given another repo of his - Fuck 学习强国, which is highly critical of the Chinese government. Were he deported to China, who knows how he may be received.
Hyulet
·5 年前·議論
Yeah. One of my banks uses something like this. Here's how it works:

The client can only use numerical passwords. When loading the login page, their site also loads the number pad, which consists in an HTML pad containing the 10 digits. The digits are displayed as base 64 images and in a random order, so it's impossible to determine which digit is which from parsing the HTML alone. In the HTML, the images of the digits are each associated to a random 3 letters string. This string will be sent to the server instead of the plain digit.

With the number pad, the site also load a "challenge", and this challenge is sent to the server when connecting. My guess is that this challenge is an encrypted string that indicates what digit corresponds to what 3 letters string.

I made a script that logs in to my bank account to get some information and I was able to do it without using OCR on the images of the number pad because the images never change, so their base 64 strings are always the same. I was a bit disappointed when I realized it, I thought that the people who came with such a twisted login form would have added random noise to the image, just for fun.