On Mon, 2007-04-09 at 09:45 -0400, tedd wrote:
> At 8:49 AM -0400 4/9/07, Robert Cummings wrote:
> >On Mon, 2007-04-09 at 08:46 -0400, tedd wrote:
> >> At 1:21 AM -0700 4/9/07, Micky Hulse wrote:
> >> >Maybe use flash for this... harder to crack? (Of course, Flash will
> >> >open door to other problems.)
> >> >
> >> >Sorry, coming in on this late. Good work Tedd! Very interesting.
> >>
> >>
> >> M:
> >>
> >> Tijnema showed how MD5 could be used to identify an image file and
> >> crack my arrow captcha. That's really what this thread was about. I
> >> finally came up with enough variations to make it impractical.
> >>
> >> However, this did make me wonder about the images that M$ and others
> >> are using for captchas -- like find the kitty in a set of pictures.
> >> The MD5 application could be used to identify as many pictures as any
> >> spammer would need. So, I think MD5 method, as described in this
> >> thread, would work very well to crack those types of captchas.
> >
> >I doubt Microsoft is using a static image repository for captchas.
> >
> >Cheers,
> >Rob.
>
> I doubt that their image repository is infinite.
>
> Plus, I envision a method where a bot could:
>
> 1. Scan the site, gather the images and key phrase.
>
> 2. MD5 the images.
>
> 3. Place all the MD5's with the associated key phrase in a dB.
>
> 4. Refresh and repeat.
>
> With repeated refreshes (not attempts at trying to enter), the key
> phrases associated with the MD5's will build and the bot will learn.
>
> It works like this -- the phrase "find the kitty" or key word "kitty"
> will always be associated with the picture of the kitty WHEN "kitty"
> is the solution. All other key phrases/words associated with the
> kitty picture will eventually "stack out" as just background noise
> as data is gathered.
>
> As such, a bot could have a foundation at making an intelligent
> guess. Also, every guess (successful or not) provides even more data
> to be considered. The more data gathered, the better the guess.

Hi Tedd,

Put down the crack pipe please... captcha images are usually generated
on the fly. Their image repository is 0. Their image universe is all of
the permutations of an image containing all of the range of serial codes
embedded in the images according to their morphing routine. I highly
doubt the US Government could afford the space required to store all of
the permutations. Considering the number of bytes available to a
dynamically generated image, it is highly likely that the images would
be capable of exhausting the entire md5 universe.

Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'
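
Added example, not part of the original thread: a self-check a captcha operator could run to see which side of this disagreement their own deployment falls on, by measuring how often the MD5 of a served image repeats across requests. The image bytes are constructed random data, and the "morphing" (re-randomising the low bit of every pixel byte per request) is a hypothetical stand-in for whatever a real generator does.

```python
import hashlib
import random


def md5_reuse_rate(responses):
    """Fraction of served images whose MD5 already appeared earlier in the sample."""
    seen, repeats = set(), 0
    for body in responses:
        digest = hashlib.md5(body).hexdigest()
        repeats += digest in seen
        seen.add(digest)
    return repeats / len(responses)


def sample_repo(rng, count=4, size=1024):
    """Constructed picture set: `count` images of `size` random pixel bytes."""
    return [bytes(rng.getrandbits(8) for _ in range(size)) for _ in range(count)]


def serve_static(repo, n):
    """Model of a fixed repository: files are returned byte-for-byte."""
    return [repo[i % len(repo)] for i in range(n)]


def serve_dynamic(repo, n, rng):
    """Model of on-the-fly generation: same pictures, low bit of each pixel
    re-randomised on every request (hypothetical morphing routine)."""
    served = []
    for i in range(n):
        base = repo[i % len(repo)]
        served.append(bytes(b ^ rng.getrandbits(1) for b in base))
    return served


def audit(n=200, seed=2007):
    """Compare digest reuse for both serving models over n simulated requests."""
    rng = random.Random(seed)
    repo = sample_repo(rng)
    return {
        "static": md5_reuse_rate(serve_static(repo, n)),
        "dynamic": md5_reuse_rate(serve_dynamic(repo, n, rng)),
    }


if __name__ == "__main__":
    for mode, rate in audit().items():
        print(f"{mode:8s} md5 reuse rate: {rate:.2%}")
```

A reuse rate near zero only shows that exact-digest lookup finds nothing to match; it does not measure whether the pictures themselves are hard to recognise.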