Closed zerkms closed 8 years ago
If there is a vulnerability on session side (attacker can read or write data), that'd make it harder for him to break the captcha and brute force for example. But it's not really meant to be a security measure, just the way we store it.
Ok, I see (I don't think it makes any sense though, but anyway).
Thanks :-)
What is the reason (from cryptography/security point of view) of applying
md5
together with the secret value for the captcha value that is stored in the session?