Comment by MattPalmer1086
21 days ago
What is the purpose of the 6th digit?
It doesn't add any security, as it is trivially computable from the other digits already computed.
It appears to be a checksum, but I can't see why one would be needed.
21 days ago
I originally included it as a structural integrity digit, with the option for early rejection on the server side. That early exit check is not implemented in the current PAM module yet.
This is an early POC, and sanity checks like this are exactly the kind of feedback I’m looking for.
Probably not needed.
The computation of the code is not computationally expensive (human computation is a requirement), so no real impact on the server having to perform the full computation.
I guess if implemented client side it might provide a sanity check for the user before submitting, but it's more work for the human and they are almost as likely to get the checksum calculation wrong as any other part of it.
So I would probably remove it.
That is what I thought too, when I read it. (I was going to mention it if I did not find someone else already did.)
It probably isn't for security, it is more likely a quick check that the code that you memorized makes sense.