Security Basics mailing list archives
RE: Thoughts on CAPTCHA
From: <Monrad.DC () forces gc ca>
Date: Wed, 16 Apr 2008 12:43:49 -0400
A recent podcast from Wired Science has an updated source for the images. The intent is to take the CAPTCHA words from digitally scanned books that were not able to be processed by OCR. Used enough, it would automate the OCR proofreading.

Ref: http://www.iptv.org/video/detail.cfm/1364/wirs_20071220_luis_von_ahn_human_computation

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]On Behalf Of Chris Barber
Sent: Tuesday, April 15, 2008 6:05 PM
To: security-basics () securityfocus com
Subject: Thoughts on CAPTCHA

I was just reading on the SANS NewsBites an article about how some implementations of CAPTCHA seem to have been outsmarted by software. I have seen other articles and have not paid a lot of attention to them (simply because I have been too busy). But this got my gears turning.

I do not know how other people feel about CAPTCHA in its current state, but I think it needs to be upgraded. You need some form of interaction that requires the user (human) to make choices that a computer would not be able to make. Something that changes with every mouse click or keystroke.

Now, my sons play an online video game where you have to key in your passcode via a web-based keypad. The keypad is displayed with all keys in some random order; each time a key is pressed the numbers change positions, like musical chairs. Here is an example:

Passcode is 564

When the keypad is first displayed it may look like:
9160 583 742

After the 5 is clicked:
0258 349 167

After 6 is clicked:
9468 351 207

Once you click on the 4 you have access to your account.

This is pretty unique and I thought it was very ingenious; you could not determine the passcode by capturing the positions of the mouse clicks because every time you enter your passcode the keys are in different places.

Now, to increase the security of this we use the same sort of random "word" generators that are currently in place and, if you want, display them in a similar manner with the deformed type and all. But add the layer of security where you must enter the CAPTCHA "word" with an ever-changing keyboard/pad. Using 16 keys instead of 10 would give enough choices but not take that long to find the keys needed to enter the CAPTCHA "word".

Just some food for thought. This is just a brainstorm (or drizzle) and thought I would put it out here and see what others thought of the idea.

Chris.
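
The reshuffling keypad described in the quoted message, as an added Python example that is not part of the original thread or of the game's code: the server holds the layout and the client reports only the position clicked. All class and function names here are hypothetical.

```python
import hmac
import secrets

DIGITS = "0123456789"

class ScrambledKeypad:
    """Server side of a keypad whose keys are reshuffled after every click."""

    def __init__(self, passcode, rng=None):
        self._passcode = passcode
        # Assumption: any object with a shuffle(list) method; CSPRNG by default.
        self._rng = rng or secrets.SystemRandom()
        self._entered = []
        self.layout = self._shuffle()

    def _shuffle(self):
        keys = list(DIGITS)
        self._rng.shuffle(keys)
        return keys

    def click(self, position):
        """Record the digit under `position`, then reshuffle for the next click."""
        if not 0 <= position < len(self.layout):
            raise ValueError("click outside the keypad")
        self._entered.append(self.layout[position])
        self.layout = self._shuffle()

    def verify(self):
        """Compare the entered digits with the passcode in constant time."""
        return hmac.compare_digest("".join(self._entered), self._passcode)

def enter(pad, passcode):
    """Simulate the user: find each digit in the layout shown and click it.
    Returns the click positions, which is all a click logger would record."""
    positions = []
    for digit in passcode:
        pos = pad.layout.index(digit)
        positions.append(pos)
        pad.click(pos)
    return positions

def replay(pad, positions):
    """Replay recorded click positions against a fresh keypad session."""
    for pos in positions:
        pad.click(pos)
    return pad.verify()
```

Positions recorded in one session map to different digits in the next, which is the property the message describes; it holds only while the layout shown on screen is not recorded along with the clicks.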