At 7:32 PM +0200 3/29/07, Tijnema ! wrote:
> Yes, it's nicely made, I see you didn't store anything in sessions except PHPSESSID, which you probably use to verify the code entered. At least, that's what I think, I hope you didn't use IP ;)
No, it just uses sessions to keep track of the visitor. However, if two (or more) visitors were hitting the site at the same time, the key might unexpectedly change for them.
> But, this is crackable. To crack this, the cracker should get the audio file from the server, and parse it. Since you use the same audio piece for each number, you should get the voice part of each number, and then parse the downloaded file and check which number it matches :)
I could throw some background noise into it that would make it difficult to crack that way, but then that would present the same problem as experienced in Graphic CAPTCHAs -- they become too noisy to resolve. Funny how this stuff is just variations of a theme.
> It won't be easy, and probably not everyone is able to crack this. But it is possible :) If you don't believe me, I am able to prove it, but that takes some time :)
>
> Tijnema
Well.. that's the point, namely to make it difficult. As I've said before, anything a computer can generate another computer can interpret -- it just takes time and effort.
Thanks for your review,

tedd

--
-------
http://sperling.com http://ancientstones.com http://earthstones.com