Better customer verification tokens

Slavik said:
Everytime you click that link, it will open an overlay to show you the last generated token.

It will show you the same token every time, until such time as you re-generate it clicking the regenerate token button.
Click to expand...
Clicking that link does bring up a new token. Clicking it again, brings up a new token. Keep clicking it and eventually it will report.
 
Slavik said:
Then theres something wrong with your PC. This is not the intended behavior, nor is it a behavior that happens on any of my 4 machines, on IE, Firefox, or Chrome.
Click to expand...
I'll bite.

How would my computer bring up a repeated token from XenForo.com services, that can be used?
 
Slavik said:
Then theres something wrong with your PC. This is not the intended behavior, nor is it a behavior that happens on any of my 4 machines, on IE, Firefox, or Chrome.
Click to expand...

Agreed. I just tested it and the same token appears when I click the link. I regenerated the token and tested again. Same token appears.
 
There's nothing to validate. You claimed clicking the link generated a new token each time.
 
Adam Howard said:
I'll bite.

How would my computer bring up a repeated token from XenForo.com services, that can be used?
Click to expand...

The only thing I could suggest is your caching settings mean after you re-generate a token, then re-open the overlay, it is showing you a cached version of the overlay.

However, that "cached" token shown to you will not work from the moment you click the regenerate button.
 
Slavik said:
The only thing I could suggest is your caching settings mean after you re-generate a token, then re-open the overlay, it is showing you a cached version of the overlay.

However, that "cached" token shown to you will not work from the moment you click the regenerate button.
Click to expand...
Clicking on the "generate token" took a while to get a repeat, but when I did it was valid

So .... I don't know.... You're call.

Untitled.webp
 
Adam Howard said:
Clicking on the "generate token" took a while to get a repeat, but when I did it was valid

So .... I don't know.... You're call.
Click to expand...


Then you should buy a lottery ticket for tonight, you must be be the luckiest person on XenForo to re-generate the same token multiple times against the 1 in however many hundreds of trillions of combinations there are available.
 
Slavik said:
Then you should buy a lottery ticket for tonight, you must be be the luckiest person on XenForo to re-generate the same token multiple times against the 1 in however many hundreds of trillions of combinations there are available.
Click to expand...
:ROFLMAO::ROFLMAO::ROFLMAO::ROFLMAO:

LMAO

You have a good sense of humor Slavik. Don't let anyone tell you different. :)
 
Doing the method described in my original post is not good because it can lead to a hash extension attack, so disregard it completely.
Though I still believe a better method could be used to verify customers which does not put customers at the risk of impersonation.
 
You must log in or register to reply here.

Similar threads

Adam Howard
  • Locked
  • Question Question
Manual Customer Verification
11 12 13
Replies
254
Views
43K
Paul B
Paul B
Top Bottom