Security Basics mailing list archives

Re: Thoughts on CAPTCHA


From: Mike Preston - Technomonk Industries <mike () technomonk com>
Date: Wed, 16 Apr 2008 17:40:35 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gregory Rubin wrote:
| KittenAuth looks very similar to ASIRRA (Microsoft's contribution to
| the area).

Wasn't familiar with this... thanks for the headsup.

| I think that so long as the image library behind them is sufficiently
| large (which is the biggest problem) then these would work very well
| as CAPTCHAs.

You can artificially increase the size of the search space by
flipping/distorting images, moving them by a single pixel within their
bounding images, colour shifting them etc. All makes it slightly more
difficult to brute-force by attempting to train the system.

| And though the current incarnations use AJAX, I see nothing in them
| that precludes the use of normal forms without javascript.

Any good system should be able to cope with a lack of JS enablement IMHO...

| Greg

Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkgGLAMACgkQvhwPecbXDdy3DQCfbLzEWV2y9jH79MtDX6I6rz6o
zsMAoIVHJfNZhJGUlAQ9B5S3I0IwTW4I
=XyZ5
-----END PGP SIGNATURE-----
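The augmentation Mike describes above (flips, one-pixel shifts inside the bounding box, colour shifts) as an added worked example; this is illustration code written for this archive, not code from the thread, from KittenAuth or from ASIRRA. It builds a constructed 8x8 greyscale gradient in place of a real photo, generates every combination of the three transforms, and then counts how many distinct images result under two fingerprints: an exact SHA-256 of the pixels (what a naive image-hash brute-forcer would key on) and a simple average-hash (one bit per pixel, set when the pixel is brighter than the mean), which stands in for the tolerant matching an attacker would more realistically use. The transform names, sizes and deltas are arbitrary choices for the example.

```python
import hashlib
from itertools import product

# Constructed sample image (not from any real CAPTCHA library): an 8x8
# greyscale gradient as a list of rows of 0..255 ints. A real system would
# load a photo; the transforms below work on any such grid.
BASE = [[(32 * x + 16 * y) % 256 for x in range(8)] for y in range(8)]

# The three augmentations from the post: flip, shift by one pixel, colour shift.
FLIPS = {
    "none": lambda img: [row[:] for row in img],
    "h": lambda img: [row[::-1] for row in img],
    "v": lambda img: [row[:] for row in img[::-1]],
    "hv": lambda img: [row[::-1] for row in img[::-1]],
}
SHIFTS = [(dx, dy) for dx in (-1, 0, 1) for dy in (-1, 0, 1)]
COLOUR_DELTAS = (-16, 0, 16)  # arbitrary brightness offsets for the example


def shift(img, dx, dy, fill=0):
    """Move the picture dx,dy pixels inside its bounding box; the exposed edge gets `fill`."""
    h, w = len(img), len(img[0])
    out = [[fill] * w for _ in range(h)]
    for y in range(h):
        for x in range(w):
            sx, sy = x - dx, y - dy
            if 0 <= sx < w and 0 <= sy < h:
                out[y][x] = img[sy][sx]
    return out


def colour_shift(img, delta):
    """Add `delta` to every pixel, clamping to the 0..255 range."""
    return [[max(0, min(255, p + delta)) for p in row] for row in img]


def variants(img):
    """Every flip x shift x colour-shift combination of one base image (4*9*3 = 108)."""
    out = []
    for (_name, flip), (dx, dy), delta in product(FLIPS.items(), SHIFTS, COLOUR_DELTAS):
        out.append(colour_shift(shift(flip(img), dx, dy), delta))
    return out


def exact_hash(img):
    """What a naive brute-forcer keys on: a hash of the exact pixel bytes."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()


def average_hash(img):
    """Tolerant fingerprint: one bit per pixel, set when brighter than the image mean."""
    pixels = [p for row in img for p in row]
    mean = sum(pixels) / len(pixels)
    return "".join("1" if p > mean else "0" for p in pixels)


def distinct_fingerprints(img, fingerprint):
    """How many of the variants an attacker using `fingerprint` would see as different images."""
    return len({fingerprint(v) for v in variants(img)})


if __name__ == "__main__":
    print(f"{len(variants(BASE))} variants generated from one image")
    print("distinct exact hashes:  ", distinct_fingerprints(BASE, exact_hash))
    print("distinct average hashes:", distinct_fingerprints(BASE, average_hash))
```

The exact-hash count shows the search-space inflation the post is after: one source picture becomes 108 byte-distinct images. The average-hash count is lower, because a uniform colour shift leaves "brighter than the mean" untouched, so those variants collapse back together; that gap is the reason the post says "slightly" more difficult rather than impossible, and the same check (comparing counts under an exact hash and a tolerant one) is a quick way to measure how much a given augmentation really buys against a trained or similarity-based classifier.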
