Re: Going from simple to super CAPTCHA

On 6/11/07, Daniel Brown <parasane@xxxxxxxxx> wrote:
On 6/11/07, Tijnema <tijnema@xxxxxxxxx> wrote:
> On 6/11/07, Robert Cummings <robert@xxxxxxxxxxxxx> wrote:
> > On Mon, 2007-06-11 at 14:29 -0400, Daniel Brown wrote:
> > > > >    To be a bit easier, I whipped up a quick example on the web.  It's
> > > > > just static images, not a working system, but you'll see what we're
> > > > > getting at here:
> > > > >        http://pilotpig.net/captcha-example.php
> > > > >
> > > >
> > > > You could even use a color check here to see which color matches the best ;)
> > > >
> > >
> > >     Ah, but that validates my exact point --- the system will see the
> > > overlay over the legitimate cigarette image as being image-synonymous
> > > with the snake as an option by color pattern, while the parent image
> > > matches best with the first child option image in shape.
> >
> > Not as easy as Tijnema thinks... all the icons are in a single image so
> > first he needs to find the icon boundaries to extract them to perform
> > colour analysis. And that can be more or less hard depending on how the
> > icons are merged. For instance using PNG images with alpha transparency
> > so that an overlay and merge looks right would make edge detection of
> > the icon difficult, thus making colour analysis difficult.
>
> Sure, but what if I convert the image first to JPEG or GIF? GIF would
> be the easiest option I think, because if I convert both then I could
> easily count the color of each pixel and you can call the job done. :)
>
> > Also, the
> > colour analysis only works in the case where you're presented with an
> > image and asked to pick the same image from the set. It doesn't work in
> > the semantic example where you are asked "which of the following doesn't
> > belong?" :)
>
> Of course, it was just an easy example, as there could be images
> presented with exactly the same color. Different CAPTCHA programs need
> different kinds of hacks...
>
> Tijnema
>

   Not to mention the fact that, by the time your processor was able
to count the pixels and compare color similarities to be able to even
get close enough to an educated guess (not counting the
randomly-generated filter color pixels, which I think you're
forgetting), my session would've expired and you'd have to start all
over on a new series of images.

Do you realize what a quite good machine (let's say 2.2 GHz Dual Core)
can do in a few seconds? IIRC, a 2.2 GHz Dual Core machine has 88
Gigaflops, which means it can do 88000000000 commands in 1 second*.
That's enough to analyze the full image and compare the colors with
each other.


   Which actually brings up an excellent point, if I may say so
myself --- it's not so much of what kind of obfuscation is used in the
CAPTCHA image, as any good Turing robot or OCR software could detect
the sequence almost as well as a human (if not better in some
cases).... but it can take a while to do so.  Why not shorten the
session timeout for the page on which it's displayed?

   Have two separate areas --- area one is for registration, data
submission, or whatever you're trying to de-automate; area two is your
CAPTCHA area.  Upon submitting the data, and to verify the
authenticity as a human intending to submit said data, a page is
displayed with four slightly skewed characters on a random background
with a random filter.  The user has 15 seconds to type in the
characters he or she sees.  The only characters which exist are
UPPER-CASE letters ABCDEF.  The user can then easily distinguish which
letter is which, but a robot would only have those fifteen seconds to
do the same.  This means a combination of 6^4, which is 1,296
potential combinations to try to match in 15 seconds or less.

   Not bank-level security, by any means, but something to expand on,
considering I don't think any existing CAPTCHA technology focuses on
time limitations, but rather only on making it more annoying for the
average user to submit form data.


--
Daniel P. Brown

Same here, computers are way too fast for these things, and what about
somebody on a dial-up connection? It might take 2 seconds to load the
page, 5 seconds for the CAPTCHA image, 7 seconds to type the word, and
3 seconds to submit the page. You would end up at 17 seconds...
Note that typing it in 7 seconds is quite fast, especially when you
look at people with some kind of handicap...

Tijnema


* At peak performance, and of course there's OS running etc.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
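
The time-limited scheme discussed in this thread, sketched in PHP as an added example that is not part of the original messages. The function names and the $store array (standing in for $_SESSION) are assumptions; the 15-second limit is enforced on the server from the recorded issue time, and each challenge accepts exactly one answer.

```php
<?php
// Added example, not code from the thread. Function names and $store are
// hypothetical; in a web application $store would be $_SESSION.

const CAPTCHA_ALPHABET = 'ABCDEF'; // alphabet proposed in the thread
const CAPTCHA_LENGTH   = 4;        // 6^4 = 1,296 possible codes
const CAPTCHA_TTL      = 15;       // seconds, as proposed in the thread

// Create a challenge and record its issue time on the server side.
function captcha_issue(array &$store, int $now): string
{
    $code = '';
    for ($i = 0; $i < CAPTCHA_LENGTH; $i++) {
        // random_int() is a CSPRNG, so a code cannot be predicted from earlier ones.
        $code .= CAPTCHA_ALPHABET[random_int(0, strlen(CAPTCHA_ALPHABET) - 1)];
    }
    $store['captcha'] = ['code' => $code, 'issued' => $now];
    return $code; // rendered into the image only; never sent to the client as text
}

// Check an answer. The challenge is destroyed on every attempt, so a client
// gets one guess per challenge instead of 1,296 tries inside the time window.
function captcha_verify(array &$store, string $answer, int $now): string
{
    $challenge = $store['captcha'] ?? null;
    unset($store['captcha']); // single use: right, wrong or late
    if ($challenge === null) {
        return 'no-challenge';
    }
    // The deadline comes from the server's clock, not from anything the client sends.
    if ($now - $challenge['issued'] > CAPTCHA_TTL) {
        return 'expired';
    }
    return hash_equals($challenge['code'], strtoupper(trim($answer)))
        ? 'ok' : 'wrong';
}

// Constructed demo with a fake clock (timestamps are sample values).
$store = [];
$t0    = 1000;
$code  = captcha_issue($store, $t0);
echo captcha_verify($store, $code, $t0 + 7), "\n";  // answered within the limit
echo captcha_verify($store, $code, $t0 + 8), "\n";  // same answer replayed
$code  = captcha_issue($store, $t0);
echo captcha_verify($store, $code, $t0 + 17), "\n"; // the 17-second dial-up case
```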

