On Tuesday, April 17, 2001 at 7:27 PM Gianni Johansson wrote:
> On Tuesday 17 April 2001 14:02, you wrote:
> > > On Tue, Apr 17, 2001 at 12:43:45PM -0400, Gianni Johansson wrote:
> > > Check this out:
> > And another suggestion: perhaps some kind of checksum in the Human
> > Readable Key Value so that you know you have transcribed it correctly?
> I thought about that. My fear is that a checksum scheme would be
exploited by
> would be attackers to reduce the computation needed to OCR the image.
>
> I am not that familiar with image processing / OCR so I don't know how
> vulnerable the current scheme is. Maybe it is a non issue.
Looking at the submission_client0.png client screenshot and my basic
Computer Vision knowledge, I'd guess that it would be relatively easy to
remove the horizontal and vertical lines. This leaves just the digits, which
shouldn't be that hard to OCR using a 'standard' OCR program (although it'd
take a bit of effort).
I don't know how you generate the image, but I would suggest having digits
in more than one font (I notice you do move some of the digits vertically,
but I'm not sure as to how much effect that would have on fooling an OCR
program, still it's better there than not). It would probably be beneficial
to introduce more random variation in the overlaid noise, in addition to
lines, add circles, etc. (circles are harder to detect and remove, but still
not that difficult).
You should not just think about standard OCR program's the read a whole page
of text including interspersed images, etc. as in this case we're not
looking for anything other than a single line of data (perhaps two rows of
text, offset slightly, but overlaid on top of one another such that the two
lines 'run-into' each other would be human-readable but much more difficult
for a machine.
In Computer Vision, the majority of the time, greyscale images are used for
analysis, so perhaps a colour image 'set' to convert to a 'horrible mess'
when converted to greyscale would be an idea (I guess if digits alternate in
colour it would be harder, though not that difficult, to get around this by
splitting the image into its seperate constituent colours).
Assuming I remember the earlier thread properly (ie. how the key entered is
used) another idea, would be to ask for a word in addition to the key, an
obscured/noisy word is much easier for a human to decode than OCR, although
obviously a dictionary lookup is an obvious attack on this.
Just my 2p worth.
--
Matthew Burnham
[EMAIL PROTECTED]
_______________________________________________
Devl mailing list
[EMAIL PROTECTED]
http://lists.freenetproject.org/mailman/listinfo/devl
