Re: MD5 & bot Question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 4/9/07, Travis Doherty <travis@xxxxxxxxxxxxx> wrote:
Robert Cummings wrote:

>On Mon, 2007-04-09 at 12:51 -0400, tedd wrote:
>
>
>>At 9:58 AM -0400 4/9/07, Robert Cummings wrote:
>>
>>
>>
>>>Hi Tedd,
>>>
>>>Put down the crack pipe please... captcha images are usually generated
>>>on the fly. Their image repository is 0. Their image universe is all of
>>>the permutations of an image containing all of the range of serial codes
>>>embedded in the images according to their morphing routine. I highly
>>>doubt the US Government could afford the space required to store all of
>>>the permutations. Considering the number of bytes available to a
>>>dynamically generated image, it is highly likely that the images would
>>>be capable of exhausting the entire md5 universe.
>>>
>>>Cheers,
>>>Rob.
>>>
>>>
>>Rob:
>>
>>Duh -- put down the joint and stay on the subject. We were talking
>>about M$'s "picture" captcha where they show pictures and ask a
>>question like "Pick the picture that shows a kitty" and NOT an "on
>>the fly" graphic captcha. There are different types of captchas.
>>
>>
>
>Ah, I see. I was too lazy to go check since I don't use Microsoft except
>insofar as to make things work in their crappy browser. Either way, can
>you verify the images are static? See if getting two kitty cats produces
>the same md5 signature :) Just because it's a picture doesn't invalidate
>what I said.
>
>Cheers,
>Rob.
>
>
Steganography has been able to "hide" text in images for quite some time
now.  Basically you cram whatever info you want into the 'unused' or
'less used' bytes of the image.

With this in mind I imagine even if you did have an image repository of
only 8 images you could add some random bytes to the right spots in the
image without distorting it beyond recognition/corrupting it, and
therefore get a hybrid of static/on-the-fly images, that hashing
couldn't break so simply.

2 cents...

Travis Doherty

This is exactly what tedd did in his last arrow example. He edited the
header of the GIF image, and so that would result in different MD5.

Finding this part and skipping it in the MD5 check would do the job. :)

Tijnema

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux