Re: MD5 & bot Question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

At 8:11 PM -0500 4/10/07, Richard Lynch wrote:

On Tue, April 10, 2007 7:47 am, tedd wrote:

 Your use of metaphor is quite colorful, but if you if change a single
 pixel in an image, then you change the MD5 signature -- that is what
 I was talking about -- and that is not wrong.


Unless I look at enough images to figure out that you are just
changing N random pixels, and I construct a "distance" function to
compute how "different" image A is from image X, where I already know
X points "up"

http://php.net/imagecolorat

can be used to do exactly this.

In fact, I've done that to break a CAPTCHA that had random "noise"
pixels added to the text.

Actually, I was able to remove the "noise" first and then compute
distance function for character by character analysis of the text on
the image.

I do not understand why you are obsessing on the MD5 "crack" when it's
probably not the weapon that would be chosen, unless your CAPTCHA is
so lame that it's susceptible to an MD5 crack...

If it's not that lame, then the attacker just doesn't use an MD5
signature, and employs another technique.

Have we not been through this whole thread enough times already?


Apparently not enough times because, no offense, you missed the point.
We are not talking about how one could break this type of captcha, we were talking about how this captcha could be broken by a MD5 method and what steps could be taken to make it unbreakable by that method. It was a learning exercise as to the scope and use of MD5. That's it -- that's all. See the subject line.
If you want to talk about other ways to break this type of captcha, then pease do. I am sure that I could learn a lot from you -- and I expect to do so.
But please don't infer that we are obsessing about a topic we are discussing; or that my work is lame when it was designed to test one point; or state that I'm wrong because you didn't understand what I said in context. That's not constructive nor right. 

Cheers,

tedd

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux