Re: Going from simple to super CAPTCHA

On Tue, 2007-06-12 at 11:56 -0400, Robert Cummings wrote:
> On Tue, 2007-06-12 at 11:49 -0400, tedd wrote:
> > At 2:12 PM +0100 6/12/07, Stut wrote:
> > >The submit image is bigger than the circle, and I'm guessing Tedd is 
> > >checking the coords passed through.
> > >
> > >-Stut
> > 
> > Yes, that's all the technique does for now. It just checks the submit 
> > x and submit y and determines if those coordinates lie within the 
> > circle.
> > 
> > I fixed the empty submit x/y that Tijnema & Rob found, but that was 
> > my fault for not validating input -- but that doesn't invalidate the 
> > method.
> > 
> > Please pardon my ignorance, but what I'm trying to understand is -- 
> > how can a bot click and determine the correct x/y coordinates to pass 
> > the test -- how do they do that?
> > 
> > If it's just find the dot, then I could just as easily throw up other 
> > images (pig, chicken, diamond, heart) and have the user click the 
> > correct image (i.e., please click the heart).
> > 
> > And, I could even morph the key image and provide it among others 
> > asking the user to click the image that comes close to the key image.
> > 
> > Now, how is a bot going to figure that out?
> 
> Finding a circle on a white background is easy. Finding a circle on a
> random background is fairly easy if it's the only circle. Finding an
> arbitrary image within an image is a lot harder, but the same is true
> for humans unless it can in some way be clearly distinguished. However,
> you have another problem. Let's say your image is 1000 x 1000 pixels.
> And your random whatever-shape sub-image is 100 x 100 pixels. This
> means you have 1000000 px^2 universe area, and 10000 px^2 image area. As
> such, a random guess at a correct pixel will succeed:
> 
>     (10000 * 100) / 1000000 = .10 = 10% of the time

Bad math alert... (10000 * 100) / 1000000 = 10    ;)

Still the same answer though, was just mixing what I wrote with what I
was thinking :)

Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
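
The server-side check discussed in this thread, as an added example (not code from the thread or from tedd's implementation): it validates the image-submit coordinates, failing closed on the empty x/y case mentioned above, tests them against a square target, and computes the blind-click pass rate as target area over image area. It assumes the image input is named `submit`, so PHP exposes `submit_x` and `submit_y`; the function names, the target position and the sample requests are hypothetical.

```php
<?php
// Added example: names, target position and sample requests are constructed.

const IMG_W  = 1000; // challenge image width in px (figure from the message)
const IMG_H  = 1000; // challenge image height in px
const TARGET = 100;  // side of the square target sub-image in px

// Validate the image-submit coordinates and test them against the target.
// $tx/$ty is the target's top-left corner, kept server-side (e.g. in the session).
function click_passes(array $post, int $tx, int $ty): bool
{
    foreach (['submit_x', 'submit_y'] as $key) {
        // Missing, empty, array-valued or non-numeric coordinates fail closed.
        if (!isset($post[$key]) || !is_string($post[$key]) || !ctype_digit($post[$key])) {
            return false;
        }
    }
    $x = (int) $post['submit_x'];
    $y = (int) $post['submit_y'];
    if ($x >= IMG_W || $y >= IMG_H) {
        return false; // a click cannot land outside the image
    }
    return $x >= $tx && $x < $tx + TARGET && $y >= $ty && $y < $ty + TARGET;
}

// Share of the image a blind click can land on and still pass.
function blind_pass_rate(): float
{
    return (TARGET * TARGET) / (IMG_W * IMG_H);
}

// Chance that at least one of $n independent blind submissions passes;
// useful for deciding how many attempts per client to allow.
function pass_within(int $n): float
{
    return 1.0 - (1.0 - blind_pass_rate()) ** $n;
}

// Constructed requests against a target placed at (400, 250).
$samples = [
    'inside target'  => ['submit_x' => '450', 'submit_y' => '300'],
    'outside target' => ['submit_x' => '10', 'submit_y' => '10'],
    'empty coords'   => ['submit_x' => '', 'submit_y' => ''],
    'missing coords' => [],
];
foreach ($samples as $label => $post) {
    printf("%-15s %s\n", $label, click_passes($post, 400, 250) ? 'pass' : 'fail');
}
printf("blind pass rate: %.2f%%\n", blind_pass_rate() * 100);
printf("pass within 10 tries: %.1f%%\n", pass_within(10) * 100);
```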

