Robert Cummings wrote:

>On Mon, 2007-04-09 at 12:51 -0400, tedd wrote:
>
>>At 9:58 AM -0400 4/9/07, Robert Cummings wrote:
>>
>>>Hi Tedd,
>>>
>>>Put down the crack pipe please... captcha images are usually generated
>>>on the fly. Their image repository is 0. Their image universe is all of
>>>the permutations of an image containing all of the range of serial codes
>>>embedded in the images according to their morphing routine. I highly
>>>doubt the US Government could afford the space required to store all of
>>>the permutations. Considering the number of bytes available to a
>>>dynamically generated image, it is highly likely that the images would
>>>be capable of exhausting the entire md5 universe.
>>>
>>>Cheers,
>>>Rob.
>>
>>Rob:
>>
>>Duh -- put down the joint and stay on the subject. We were talking
>>about M$'s "picture" captcha where they show pictures and ask a
>>question like "Pick the picture that shows a kitty" and NOT an "on
>>the fly" graphic captcha. There are different types of captchas.
>
>Ah, I see. I was too lazy to go check since I don't use Microsoft except
>insofar as to make things work in their crappy browser. Either way, can
>you verify the images are static? See if getting two kitty cats produces
>the same md5 signature :) Just because it's a picture doesn't invalidate
>what I said.
>
>Cheers,
>Rob.

Steganography has been able to "hide" text in images for quite some time now. Basically you cram whatever info you want into the 'unused' or 'less used' bytes of the image.

With this in mind I imagine even if you did have an image repository of only 8 images you could add some random bytes to the right spots in the image without distorting it beyond recognition/corrupting it, and therefore get a hybrid of static/on-the-fly images, that hashing couldn't break so simply.

2 cents...

Travis Doherty

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
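
Added example, not part of the original thread: a sketch of the static/on-the-fly hybrid described in the last message, showing that flipping the least significant bit of randomly chosen pixels gives every served copy a different MD5 while no pixel changes by more than 1. The pixel buffer, the "kitty" label and all function names are constructed for illustration; decoding and re-encoding a real image file is assumed and omitted.

```python
import hashlib
import secrets

def make_sample_image(width=64, height=64):
    """Constructed 8-bit grayscale buffer standing in for one repository picture."""
    return bytes((x * 3 + y * 5) % 256 for y in range(height) for x in range(width))

def perturb_lsb(pixels, flip_ratio=0.05):
    """Return a copy with the lowest bit flipped in a random set of distinct pixels."""
    out = bytearray(pixels)
    flips = max(1, int(len(out) * flip_ratio))
    # Distinct indices, so no flip cancels another and the copy always differs.
    for i in secrets.SystemRandom().sample(range(len(out)), flips):
        out[i] ^= 0x01
    return bytes(out)

def md5_hex(data):
    return hashlib.md5(data).hexdigest()

def max_pixel_delta(a, b):
    """Largest per-pixel difference between two equally sized buffers."""
    return max(abs(x - y) for x, y in zip(a, b))

def demo(copies=8):
    original = make_sample_image()
    # Digest table as it would be built from an unmodified, static repository.
    known = {md5_hex(original): "kitty"}
    served = [perturb_lsb(original) for _ in range(copies)]
    return {
        "static_hit": known.get(md5_hex(original)),
        "variant_hits": sum(md5_hex(v) in known for v in served),
        "distinct_digests": len({md5_hex(v) for v in served}),
        "max_delta": max(max_pixel_delta(original, v) for v in served),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check covers exact digests only, which is the comparison discussed in the thread.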