Open cl0udz opened 1 week ago
Hi, I'm not sure if I understand the issue correctly, but this is just a library with helpers for creating and solving challenges for ALTCHA. It does not include any server-side implementations such as replay-attack prevention etc. (https://altcha.org/docs/server-integration/#security-recommendations). Users have to implement such mechanisms on their own depending on the technologies they use. The lack of these features is intentional to keep the library simple and independent from specific server technologies.
The code example doesn’t refresh after a failed attempt, allowing attackers to repeatedly attempt the same challenge without solving it, increasing vulnerability to brute-force attacks. Please consider refreshing the challenge in the example after each failed attempt to ensure unique challenges per attempt, making brute-force attacks harder.
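
The server-side mechanism discussed in this thread, single-use challenges that are discarded after any verification attempt, as an added example that is not part of the thread and not altcha-lib's API. The function names, the in-memory `outstanding` map and the simplified hash-based proof-of-work are assumptions made for illustration.

```javascript
// Added illustration: hypothetical names, not altcha-lib's API.
const nodeCrypto = require('node:crypto');

const TTL_MS = 5 * 60 * 1000;   // assumed challenge lifetime
const MAX_NUMBER = 50000;       // assumed proof-of-work search space
// challenge -> expiry time. In-memory for the demo; a multi-instance
// deployment would need a shared store with atomic delete.
const outstanding = new Map();

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest('hex');

// Issue a fresh challenge: the client must find `number` such that
// sha256(salt + number) === challenge.
function issueChallenge(now = Date.now()) {
  const salt = nodeCrypto.randomBytes(12).toString('hex');
  const secret = nodeCrypto.randomInt(0, MAX_NUMBER);
  const challenge = sha256(salt + secret);
  outstanding.set(challenge, now + TTL_MS);
  return { salt, challenge, maxNumber: MAX_NUMBER };
}

// Verify a submission exactly once. The challenge is consumed BEFORE the
// answer is checked, so a failed attempt cannot be retried and a solved
// challenge cannot be replayed; the client has to request a new one.
function verifyOnce({ salt, challenge, number }, now = Date.now()) {
  const expiry = outstanding.get(challenge);
  outstanding.delete(challenge);
  if (expiry === undefined) return { ok: false, reason: 'unknown-or-reused' };
  if (now > expiry) return { ok: false, reason: 'expired' };
  if (sha256(salt + number) !== challenge) {
    return { ok: false, reason: 'wrong-solution' };
  }
  return { ok: true, reason: 'solved' };
}

// Client side: brute-force the number, which is the intended work.
function solve({ salt, challenge, maxNumber }) {
  for (let n = 0; n <= maxNumber; n++) {
    if (sha256(salt + n) === challenge) return n;
  }
  return -1;
}
```
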