Hello, on 02/17/2006 05:10 PM tedd said the following: > Manuel: > > Your points are well taken. > >> A good CAPTCHA must be fuzzy. If you know other fuzzy CAPTCHA besides >> these, it may help to sharing that knowledge. > > The CAPTCHA I was primarily referring to was the image one -- however, > it's just another barrier. > > I am sure there are all sorts of ways to fool a computer while making it > easy for a human to comply, like "Enter the third word of the first > paragraph"; or "What is the color of an orange?"; or presenting an easy > question from a vast lists of questions provided at random.
That is not hard to beat because it does not make it difficult to determine what is the question, like image and audio captchas. Therefore that solution is vulnerable to dictionary attacks. > While computers could be designed to answer such questions, the amount > of time required would be better spent going after those sites that > don't have any CAPTCHA. It depends on the purpose of the attackers. If they want to attack specific sites, soon or later they will figure a way to defeat them if they have weak protection schemes. > As for me, I'm trying to understand both sides and see if there is a > midway solution. However, it appears that both sides are steadfastly > rooted in their opinion. One side wants barriers and the other side > doesn't -- mutually exclusive positions. > > I can't help but think there must be a software solution. Maybe, but this is not a trivial solution. Research and development costs time and money to those that need to invest on it to find better protection . People that complain against CAPTCHAs should also consider these aspects before blaming people for not using better CAPTCHA schemes. -- Regards, Manuel Lemos Metastorage - Data object relational mapping layer generator http://www.metastorage.net/ PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
