Forgot the salient bit.
For the user it's typically like a lottery ticket, but need not be. You say "provide the code for #56 on your card" and they run their finger down the list and type that in. When they get to ~85% of the numbers you mail them a new card. You can also do it electronically but that kind of defeats the point. Lots of companies make these, just google "OTP scratch card"

-Mike.

________________________________
From: Michael O Holstein
Sent: Thursday, March 15, 2018 9:57:17 AM
To: CAS Community
Subject: Re: [cas-user] Google Authenticator - scratch codes

Mathematically .. think salted hash of list of known values. Output is on the card .. you compare the values you have against what they gave you and see if it matches. The salt is unique per card. You buy them in bulk and you get a list of serial numbers = card ID .. usually there's QR so you can do it somewhat easily via your credentialing office (make someone else do that BS, it's big numbers).

In CAS it's like any other plugin. The value of the current card and salt is stored in (somewhere) and identifiable by (something) like the DN. It looks up both, just like how the others work. IIRC you can also do it via API but that's a bad dependency if it's not you running it, and why bother if it's you.

Michael Holstein CISSP
Cleveland State University

________________________________
From: cas-user@apereo.org <cas-user@apereo.org> on behalf of Janina Byky <projekt.ha...@gmail.com>
Sent: Thursday, March 15, 2018 9:44:29 AM
To: CAS Community
Subject: [cas-user] Google Authenticator - scratch codes

Hello CAS users,

I've worked out CAS + GAuth + mongodb, but I don't know how the scratch codes work in terms of CAS. How can a user use them?

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c000a5a2-a3d2-40e2-ac19-27f521f3155f%40apereo.org.
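
The "salted hash of list of known values" check described in the thread, as an added sketch that is not CAS code and not from either poster: the server keeps one salt per card plus a hash per numbered code, asks for one unused position, compares, and burns that position. The in-memory dict standing in for the stored record, PBKDF2, the 8-digit code format and the failure lockout are all assumptions of this example.

```python
import hashlib, hmac, secrets

REISSUE_AT = 0.85   # thread: mail a new card at ~85% of the numbers used
MAX_FAILURES = 5    # assumption: lock the card after repeated wrong codes

def _digest(salt: bytes, index: int, code: str) -> bytes:
    # Salted, slow hash. Binding the index stops code #3 being accepted for #7.
    # Short numeric codes are guessable offline, so online attempts are limited too.
    return hashlib.pbkdf2_hmac("sha256", f"{index}:{code}".encode(), salt, 100_000)

def issue_card(n_codes: int = 20):
    """Return (printed_card, server_record); only the record is stored."""
    salt = secrets.token_bytes(16)  # unique per card
    printed = {i: f"{secrets.randbelow(10**8):08d}" for i in range(1, n_codes + 1)}
    record = {"salt": salt, "used": set(), "failures": 0,
              "hashes": {i: _digest(salt, i, c) for i, c in printed.items()}}
    return printed, record

def next_challenge(record):
    """Pick an unused position to ask for, e.g. 'provide the code for #56'."""
    unused = [i for i in record["hashes"] if i not in record["used"]]
    return secrets.choice(unused) if unused else None

def verify(record, index: int, submitted: str) -> bool:
    """Compare the submitted code against the stored hash; burn it on success."""
    if record["failures"] >= MAX_FAILURES:
        return False                      # card locked, needs replacing
    if index not in record["hashes"] or index in record["used"]:
        return False                      # unknown or already-used position
    expected = record["hashes"][index]
    if hmac.compare_digest(expected, _digest(record["salt"], index, submitted)):
        record["used"].add(index)         # single use: a replay now fails
        record["failures"] = 0
        return True
    record["failures"] += 1
    return False

def needs_reissue(record) -> bool:
    return len(record["used"]) / len(record["hashes"]) >= REISSUE_AT

if __name__ == "__main__":
    card, rec = issue_card()
    n = next_challenge(rec)
    print(f"code for #{n}:", verify(rec, n, card[n]), "replay:", verify(rec, n, card[n]))
```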