<snip> I would like to give a few comments on your script: 1) it looks like that http://www.sperling.com/examples/captcha/tmp/access.mp3, without a code, always returns the same value :) 284 2) About the timeout, you should set it at least less then 24 hrs, i should do about 6 hrs, that's enough for somebody to enter the code, but a hacker doesn't want to update his code every 6 hrs. 3) Then about the cracking of audio, if you keep the audio files the same, it shouldn't be too hard to crack once you can read the audio frames. Store each few audio frames for each number, and compare them once you want to crack it. A very simple way to avoid this is that you generate audio on different bit rates. and use VBR/CBR randomly. Speech recognition isn't working very well, and i don't think it would be able to get these numbers from the audio, but I have too less experience with speech recognition. 4) You couldn't only depend on this audio thing inside a script. I know this has been said before, but when you are using images here, it probably makes your script more insecure. But it's surely nice done :) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php