Security Basics mailing list archives
Re: Thoughts on CAPTCHA
From: Mike Preston - Technomonk Industries <mike () technomonk com>
Date: Wed, 16 Apr 2008 17:40:35 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gregory Rubin wrote: | KitttenAuth looks very similar to ASIRRA (Microsoft's contribution to the area). Wasn't familiar with this... thanks for the headsup. | I think that so long as the image library behind them is sufficiently | large (which is the biggest problem) then these would work very well | as CAPTCHAs. You can artifcially increase the size of the search space by flipping/distorting images, moving them by a single pixel within their bounding images, colour shifting them etc. All makes it slightly more difficult to bruteforce by attempting to train the system. | And though the current incarnations use AJAX, I see nothing in them | that precludes the use of normal forms without javascript. Any good system should be able to cope with a lack of JS enablement IMHO... | Greg Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkgGLAMACgkQvhwPecbXDdy3DQCfbLzEWV2y9jH79MtDX6I6rz6o zsMAoIVHJfNZhJGUlAQ9B5S3I0IwTW4I =XyZ5 -----END PGP SIGNATURE-----
Current thread:
- RE: Thoughts on CAPTCHA, (continued)
- RE: Thoughts on CAPTCHA Monrad.DC (Apr 16)
- Re: Thoughts on CAPTCHA Gregory Rubin (Apr 16)
- Re: Thoughts on CAPTCHA Ali, Saqib (Apr 16)
- Re: Thoughts on CAPTCHA Ali, Saqib (Apr 16)
- Re: Thoughts on CAPTCHA sameer . garg (Apr 16)
- Re: Thoughts on CAPTCHA Shreyas Zare (Apr 16)
- Re: Thoughts on CAPTCHA Gregory Rubin (Apr 16)
- Re: Thoughts on CAPTCHA Ali, Saqib (Apr 16)
- Re: Thoughts on CAPTCHA Shreyas Zare (Apr 16)
- Re: Thoughts on CAPTCHA arckeda (Apr 16)
- Re: Thoughts on CAPTCHA Gregory Rubin (Apr 16)
- Re: Thoughts on CAPTCHA Mike Preston - Technomonk Industries (Apr 16)
- Re: Thoughts on CAPTCHA Gregory Rubin (Apr 16)