On Wed, 16 Aug 2006, Simon Waters wrote:
You snipped the bit where I said "It would work for a minority use."
Sorry, don't think that is relevant really - least I have no data on
what minority uses are for captchas, nor majority uses or what the
difference is.
The reason people use image recognition is it is something (most)
humans find very easy, but requires considerable investment of
effort (or resource for self training) to teach computers, and
readily permits of variations ('click the kitten' being a good
example).
Those need vast numbers of "kitten" pictures in order to be immune to
dictionary attacks. There's a reason 'captchas' consist of
auto-generated images of letters.
You can auto-generate questions too, obviously. With dictionaries of
question/answer tuples associated with some template question
language.
The tuples can be auto-generated, the strength lies in the variety of
the question forms in use across the internet and/or across a site.
The questions need not use language, they could be based on ASCII
pattern matching, e.g.:
oAwoZwoLwoC
what's the next letter, etc..
Or you could simply test people on their ability to google perhaps?
:)
For a demonstration of bashing at ASCII captchas try any good chat bot.
And for image captchas, see:
http://www.cs.sfu.ca/~mori/research/gimpy/
and there are more. CAPTCHAs are, almost by definition, compelling
problems for academia to tackle ;).
The reason no one defeated your text captcha was probably because
no one tried, but that won't remain the case if it gets popular. We
are locked in another arms race here.
Yes, that applies regardless of the form of the captcha.
Although possibly the mistake is to assume you can distinguish
between humans, and computers on the basis of intelligence.
Maybe so.
regards,
--
Paul Jakma [EMAIL PROTECTED] [EMAIL PROTECTED] Key ID: 64A2FF6A
Fortune:
The meat is rotten, but the booze is holding out.
Computer translation of "The spirit is willing, but the flesh is weak."
