Since you are asking for review: this audio captcha is almost certainly easily breakable. Tijnema is right with most of his comments, open source voice recognition software (the code he pointed to like spynx) will break this. I disagree with his point 3) below, obfuscating the speech with different bitrates etc. will in my opinion not work. How do I know? Unfortunately i do not have the time to properly test it, but I wrote a devoicecaptcha script to break the voice captchas of microsoft, google and paypal. You can download the code and test it with your code, see http://vorm.net/captchas. So unfortunately for you it will not work against spammers, but you are in good company of people trying ;-). Regards, Jochem. Tijnema ! wrote: > > <snip> > > I would like to give a few comments on your script: > > 1) it looks like that > http://www.sperling.com/examples/captcha/tmp/access.mp3, without a > code, always returns the same value :) 284 > > 2) About the timeout, you should set it at least less then 24 hrs, i > should do about 6 hrs, that's enough for somebody to enter the code, > but a hacker doesn't want to update his code every 6 hrs. > > 3) Then about the cracking of audio, if you keep the audio files the > same, it shouldn't be too hard to crack once you can read the audio > frames. Store each few audio frames for each number, and compare them > once you want to crack it. > A very simple way to avoid this is that you generate audio on > different bit rates. and use VBR/CBR randomly. Speech recognition > isn't working very well, and i don't think it would be able to get > these numbers from the audio, but I have too less experience with > speech recognition. > > 4) You couldn't only depend on this audio thing inside a script. I > know this has been said before, but when you are using images here, it > probably makes your script more insecure. > > But it's surely nice done :) > > Tijnema > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > > -- View this message in context: http://www.nabble.com/Audio-CAPTCHA-review-request-tf3487541.html#a9826752 Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
