On 6/11/07, Tijnema <tijnema@xxxxxxxxx> wrote:
> On 6/11/07, Daniel Brown <parasane@xxxxxxxxx> wrote:
> > On 6/11/07, Tijnema <tijnema@xxxxxxxxx> wrote:
> > > On 6/11/07, Robert Cummings <robert@xxxxxxxxxxxxx> wrote:
> > > > On Mon, 2007-06-11 at 14:29 -0400, Daniel Brown wrote:
> > > > > > > To be a bit easier, I whipped up a quick example on the web. It's
> > > > > > > just static images, not a working system, but you'll see what we're
> > > > > > > getting at here:
> > > > > > > http://pilotpig.net/captcha-example.php
> > > > > > >
> > > > > >
> > > > > > You could even use a color check here to see which color matches the best ;)
> > > > > >
> > > > >
> > > > > Ah, but that validates my exact point --- the system will see the
> > > > > overlay over the legitimate cigarette image as being image-synonymous
> > > > > with the snake as an option by color pattern, while the parent image
> > > > > matches best with the first child option image in shape.
> > > >
> > > > Not as easy as Tijnema thinks... all the icons are in a single image so
> > > > first he needs to find the icon boundaries to extract them to perform
> > > > colour analysis. And that can be more or less hard depending on how the
> > > > icons are merged. For instance using PNG images with alpha transparency
> > > > so that an overlay and merge looks right would make edge detection of
> > > > the icon difficult thus making colour analysis difficult.
> > >
> > > Sure, but what if I convert the image first to JPEG or GIF? GIF would
> > > be the easiest option I think, because if I convert both then I could
> > > easily count the color of each pixel and you can call the job done. :)
> > >
> > > > Also, the
> > > > colour analysis only works in the case where you're presented with an
> > > > image and asked to pick the same image from the set. It doesn't work in
> > > > the semantic example where you are asked "which of the following doesn't
> > > > belong?" :)
> > >
> > > Of course, it was just an easy example, as there could be images
> > > presented with exactly the same color. Different CAPTCHA programs need
> > > different kinds of hack...
> > >
> > > Tijnema
> > >
> >
> > Not to mention the fact that, by the time your processor was able
> > to count the pixels and compare color similarities to be able to even
> > get close enough to an educated guess (not counting the
> > randomly-generated filter color pixels, which I think you're
> > forgetting), my session would've expired and you'd have to start all
> > over on a new series of images.
>
> Do you realize what a quite good machine (let's say 2.2 GHz Dual Core)
> can do in a few seconds? IIRC, a 2.2 GHz Dual Core machine has 88
> Gigaflops, which means it can do 88000000000 commands in 1 second*.
> That's enough to analyze the full image and compare the colors with
> each other.
>
> >
> > Which actually brings up an excellent point, if I may say so
> > myself --- it's not so much of what kind of obfuscation is used in the
> > CAPTCHA image, as any good Turing robot or OCR software could detect
> > the sequence almost as well as a human (if not better in some
> > cases).... but it can take a while to do so. Why not shorten the
> > session timeout for the page on which it's displayed?
> >
> > Have two separate areas --- area one is for registration, data
> > submission, or whatever you're trying to de-automate; area two is your
> > CAPTCHA area. Upon submitting the data, and to verify the
> > authenticity as a human intending to submit said data, a page is
> > displayed with four slightly skewed characters on a random background
> > with a random filter. The user has 15 seconds to type in the
> > characters he or she sees. The only characters which exist are
> > UPPER-CASE letters ABCDEF. The user can then easily distinguish which
> > letter is which, but a robot would only have those fifteen seconds to
> > do the same. This means a combination of 6^4, which is 1,296
> > potential combinations to try to match in 15 seconds or less.
> >
> > Not bank-level security, by any means, but something to expand on,
> > considering I don't think any existing CAPTCHA technology focuses on
> > time limitations, but rather only on making it more annoying for the
> > average user to submit form data.
> >
> >
> > --
> > Daniel P. Brown
>
> Same here, computers are way too fast for these things, and what about
> somebody at a dialup connection? It might take 2 seconds to load the
> page, 5 seconds for the CAPTCHA image, 7 seconds to type the word, and
> 3 seconds to submit the page. You would end up in 17 seconds...
> Note that typing it in 7 seconds is quite fast, especially when you look
> at people with some kind of handicap...
>
> Tijnema
>
> * At peak performance, and of course there's OS running etc.

Yes, but I don't think you understand that it was just an idea in the
infantile stages. I'm going to try to knock out a proof-of-concept
later this week if I can to bring some of it together.

--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
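
The time-limited check proposed in the thread, sketched as an added example (this is not code from the thread or from the proof of concept mentioned above). The function names, the in-memory `$store` array standing in for session storage, and the injected clock are assumptions. Because the ABCDEF alphabet gives only 1,296 answers, the sketch also consumes each challenge on its first use, so the deadline and the one-guess rule are both enforced on the server.

```php
<?php
// Added illustration; all names here are hypothetical.
const CAPTCHA_ALPHABET = 'ABCDEF'; // alphabet proposed in the thread
const CAPTCHA_LENGTH   = 4;        // 6^4 = 1,296 possible answers
const CAPTCHA_TTL      = 15;       // seconds allowed to answer

// Issue a challenge: the answer and issue time stay server-side,
// keyed by an unguessable id that is the only value sent to the client.
function captcha_issue(array &$store, int $now): array
{
    $answer = '';
    for ($i = 0; $i < CAPTCHA_LENGTH; $i++) {
        $answer .= CAPTCHA_ALPHABET[random_int(0, strlen(CAPTCHA_ALPHABET) - 1)];
    }
    $id = bin2hex(random_bytes(16));
    $store[$id] = ['answer' => $answer, 'issued' => $now];
    return [$id, $answer]; // $answer is for the image renderer only
}

// Verify a guess. The challenge is deleted before any comparison, so a
// client gets exactly one attempt per image, right or wrong.
function captcha_verify(array &$store, string $id, string $guess, int $now): string
{
    if (!isset($store[$id])) {
        return 'unknown';          // never issued, or already consumed
    }
    $challenge = $store[$id];
    unset($store[$id]);            // single use
    if ($now - $challenge['issued'] > CAPTCHA_TTL) {
        return 'expired';          // deadline checked with the server clock
    }
    $guess = strtoupper(trim($guess));
    return hash_equals($challenge['answer'], $guess) ? 'ok' : 'wrong';
}

// Constructed demo using fixed timestamps instead of time().
$store = [];
[$id, $answer] = captcha_issue($store, 1000);
echo captcha_verify($store, $id, $answer, 1010), "\n";   // answered in 10 s
echo captcha_verify($store, $id, $answer, 1011), "\n";   // same id replayed
[$id2, $answer2] = captcha_issue($store, 2000);
echo captcha_verify($store, $id2, $answer2, 2017), "\n"; // the 17-second dial-up case
```

The third call is the dial-up timing raised in the reply: a correct answer arriving at 17 seconds is rejected, which is the usability cost of the 15-second window.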