Home page logo
/

basics logo Security Basics mailing list archives

Re: Thoughts on CAPTCHA
From: Mike Preston - Technomonk Industries <mike () technomonk com>
Date: Wed, 16 Apr 2008 17:40:35 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gregory Rubin wrote:
| KitttenAuth looks very similar to ASIRRA (Microsoft's contribution to
the area).

Wasn't familiar with this... thanks for the headsup.

| I think that so long as the image library behind them is sufficiently
| large (which is the biggest problem) then these would work very well
| as CAPTCHAs.

You can artifcially increase the size of the search space by
flipping/distorting images, moving them by a single pixel within their
bounding images, colour shifting them etc. All makes it slightly more
difficult to bruteforce by attempting to train the system.

| And though the current incarnations use AJAX, I see nothing in them
| that precludes the use of normal forms without javascript.

Any good system should be able to cope with a lack of JS enablement IMHO...

| Greg

Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkgGLAMACgkQvhwPecbXDdy3DQCfbLzEWV2y9jH79MtDX6I6rz6o
zsMAoIVHJfNZhJGUlAQ9B5S3I0IwTW4I
=XyZ5
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]