At 8:49 AM -0400 4/9/07, Robert Cummings wrote:
On Mon, 2007-04-09 at 08:46 -0400, tedd wrote:
At 1:21 AM -0700 4/9/07, Micky Hulse wrote:
>Maybe use flash for this... harder to crack? (Of course, Flash will
>open door to other problems.)
>
>Sorry, coming in on this late. Good work Tedd! Very interesting.
M:
Tijnema showed how MD5 could be used to identify an image file and
crack my arrow captcha. That's really what this thread was about. I
finally came up with enough variations to make it impractical.
However, this did make me wonder about the images that M$ and others
are using for captchas -- like find the kitty in a set of pictures.
The MD5 application could be used to identify as many pictures as any
spammer would need. So, I think MD5 method, as described in this
thread, would work very well to crack those type of captchas.
I doubt Microsoft is using a static image repository for captchas.
Cheers,
Rob.
I doubt that their image repository infinite.
Plus, I envision a method where a bot could:
1. Scan the site, gather the images and key phrase.
2 MD5 the images.
3. Place all the MD5's with the associate key phrase in a dB.
4. Refresh and repeat.
With repeated refreshes (not attempts at trying to enter), the key
phrases associated with the MD5's will build and the bot will learn.
It works like this -- the phrase "find the kitty" or key word "kitty"
will always be associated with the picture of the kitty WHEN "kitty"
is the solution. All other key phrases/words associated with the
kitty picture will eventually "stack out" as just be background noise
as data is gathered.
As such, a bot could have a foundation at making an intelligent
guess. Also, every guess (successful or not) provides even more data
to be considered. The more data gathered, the better the guess.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
