I think a lot of this is just guess work if we don't know what the purpose
is. Is this to protect a login form on a web site?
One thing that I've always wondered is how well a site that has good state
management will fair against a brute force attempt.
If the user must go through 2-3 actions to login, it should be pretty easy
to determine if that sequence is being repeated more
than is normal for a human as the system can track the progress of where the
user 'is' on the server side.
-isaac
On Wed, Mar 26, 2008 at 3:28 PM, Andre Gironda <andreg_at_gmail.com> wrote:
> On Mon, Mar 24, 2008 at 2:04 PM, <dan_at_geer.org> wrote:
> > I would like to RTFM on alternatives to CAPTCHAs,
>
> I recall sending this link to Robert Auger when he was interested in
> gathering research on the current, "state-of-the-art" in CAPTCHA
> technology
> http://www.ocr-research.org.ua
>
> Do per-page tokens or another solution even partly solve the problem
> you are trying to solve?
>
> Cheers,
> Andre
> _______________________________________________
> Dailydave mailing list
> Dailydave_at_lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
_______________________________________________
Dailydave mailing list
Dailydave_at_lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Received on Mar 26 2008
Intro
