On Mon, 2007-06-11 at 14:57 -0400, Daniel Brown wrote:
> On 6/11/07, Tijnema <tijnema@xxxxxxxxx> wrote:
> > On 6/11/07, Robert Cummings <robert@xxxxxxxxxxxxx> wrote:
> > > On Mon, 2007-06-11 at 14:29 -0400, Daniel Brown wrote:
> > > > > > To be a bit easier, I whipped up a quick example on the web. It's
> > > > > > just static images, not a working system, but you'll see what we're
> > > > > > getting at here:
> > > > > > http://pilotpig.net/captcha-example.php
> > > > > >
> > > > >
> > > > > You could even use a color check here to see which color matches the best ;)
> > > > >
> > > >
> > > > Ah, but that validates my exact point --- the system will see the
> > > > overlay over the legitimate cigarette image as being image-synonymous
> > > > with the snake as an option by color pattern, while the parent image
> > > > matches best with the first child option image in shape.
> > >
> > > Not as easy as Tijnema thinks... all the icons are in a single image so
> > > first he needs to find the icon boundaries to extract them to perform
> > > colour analysis. And that can be more or less hard depending on how the
> > > icons are merged. For instance using PNG images with alpha transparency
> > > so that an overlay and merge looks right would make edge detection of
> > > the icon difficult thus making colour analysis difficult.
> >
> > Sure, but what if I convert the image first to JPEG or GIF? GIF would
> > be the easiest option I think, because if I convert both then I could
> > easily count the color of each pixel and you can call the job done. :)
> >
> > > Also, the
> > > colour analysis only works in the case where you're presented with an
> > > image and asked to pick the same image from the set. It doesn't work in
> > > the semantic example where you are asked "which of the following doesn't
> > > belong?" :)
> >
> > Of course, it was just an easy example, as there could be images
> > presented with exactly the same color. Different CAPTCHA programs need
> > different kinds of hack...
> >
> > Tijnema
> >
>
> Not to mention the fact that, by the time your processor was able
> to count the pixels and compare color similarities to be able to even
> get close enough to an educated guess (not counting the
> randomly-generated filter color pixels, which I think you're
> forgetting), my session would've expired and you'd have to start all
> over on a new series of images.
>
> Which actually brings up an excellent point, if I may say so
> myself --- it's not so much of what kind of obfuscation is used in the
> CAPTCHA image, as any good Turing robot or OCR software could detect
> the sequence almost as well as a human (if not better in some
> cases).... but it can take a while to do so. Why not shorten the
> session timeout for the page on which it's displayed?
>
> Have two separate areas --- area one is for registration, data
> submission, or whatever you're trying to de-automate; area two is your
> CAPTCHA area. Upon submitting the data, and to verify the
> authenticity as a human intending to submit said data, a page is
> displayed with four slightly skewed characters on a random background
> with a random filter. The user has 15 seconds to type in the
> characters he or she sees. The only characters which exist are
> UPPER-CASE letters ABCDEF. The user can then easily distinguish which
> letter is which, but a robot would only have those fifteen seconds to
> do the same. This means a combination of 6^4, which is 1,296
> potential combinations to try to match in 15 seconds or less.
>
> Not bank-level security, by any means, but something to expand on,
> considering I don't think any existing CAPTCHA technology focuses on
> time limitations, but rather only on making it more annoying for the
> average user to submit form data.

OCR is extremely fast. I've done work in the past using OCR and while it
was simple text in documents, the OCR program could extract the text
from the image of a magazine page in about a second. For simplistic
displays of text, or even only slight noise, the OCR will beat a human
hands down every time.

Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'
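
The time-limited check proposed in the quoted message (four characters from ABCDEF, a 15-second window), written out server-side as an added example; it is not code from anyone in this thread. The function names, the session array layout, the injected clock values and the single-use rule are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: time-boxed, single-use CAPTCHA check (all names hypothetical).
const CAPTCHA_ALPHABET = 'ABCDEF'; // alphabet proposed in the thread
const CAPTCHA_LENGTH   = 4;        // 6^4 = 1,296 possible answers
const CAPTCHA_TTL      = 15;       // seconds allowed to answer

function captcha_issue(array &$session, int $now): string
{
    $alphabet = CAPTCHA_ALPHABET;
    $answer = '';
    for ($i = 0; $i < CAPTCHA_LENGTH; $i++) {
        // random_int() draws from a CSPRNG; rand()/mt_rand() are predictable.
        $answer .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    $session['captcha'] = ['answer' => $answer, 'issued' => $now];
    return $answer; // the caller renders this into the distorted image
}

function captcha_verify(array &$session, string $input, int $now): bool
{
    $c = $session['captcha'] ?? null;
    unset($session['captcha']); // single use: any submission consumes the challenge
    if ($c === null || $now - $c['issued'] > CAPTCHA_TTL) {
        return false; // nothing outstanding, or the 15-second window has closed
    }
    return hash_equals($c['answer'], strtoupper(trim($input)));
}

// Chance that at least one of $tries blind guesses passes, one guess per challenge.
function captcha_blind_guess_rate(int $tries): float
{
    $space = strlen(CAPTCHA_ALPHABET) ** CAPTCHA_LENGTH;
    return 1 - (1 - 1 / $space) ** $tries;
}

// Constructed demo: $session stands in for $_SESSION, times are fake clock values.
$session = [];
$first = captcha_issue($session, 1000);
var_dump(captcha_verify($session, $first, 1001));  // answered one second after issue
var_dump(captcha_verify($session, $first, 1002));  // same answer replayed
$second = captcha_issue($session, 1000);
var_dump(captcha_verify($session, $second, 1016)); // answered 16 seconds after issue
printf("%.1f%%\n", 100 * captcha_blind_guess_rate(1000));
```

The first demo call is the case raised in the reply above: a solver that needs about a second is well inside the 15-second window, so the window and the single-use rule limit replay and repeated guessing rather than fast recognition.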