Re: HN CAPTCHA at http://www.phpclasses.org

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

on 02/17/2006 05:10 PM tedd said the following:
> Manuel:
> 
> Your points are well taken.
> 
>> A good CAPTCHA must be fuzzy. If you know other fuzzy CAPTCHA besides
>> these, it may help to sharing that knowledge.
> 
> The CAPTCHA I was primarily referring to was the image one -- however,
> it's just another barrier.
> 
> I am sure there are all sorts of ways to fool a computer while making it
> easy for a human to comply, like "Enter the third word of the first
> paragraph"; or "What is the color of an orange?"; or presenting an easy
> question from a vast lists of questions provided at random.

That is not hard to beat because it does not make it difficult to
determine what is the question, like image and audio captchas. Therefore
that solution is vulnerable to dictionary attacks.


> While computers could be designed to answer such questions, the amount
> of time required would be better spent going after those sites that
> don't have any CAPTCHA.

It depends on the purpose of the attackers. If they want to attack
specific sites, soon or later they will figure a way to defeat them if
they have weak protection schemes.


> As for me, I'm trying to understand both sides and see if there is a
> midway solution. However, it appears that both sides are steadfastly
> rooted in their opinion. One side wants barriers and the other side
> doesn't -- mutually exclusive positions.
> 
> I can't help but think there must be a software solution.

Maybe, but this is not a trivial solution. Research and development
costs time and money to those that need to invest on it to find better
protection . People that complain against CAPTCHAs should also consider
these aspects before blaming people for not using better CAPTCHA schemes.

-- 

Regards,
Manuel Lemos

Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux