Slashdot Mirror
Analyzing CAPTCHAs
Bruce Schneier's blog pointed me to a research paper on
"Attacks and Design of Image Recognition CAPTCHAs" (PDF). The abstract says, "We systematically study the design of image recognition CAPTCHAs (IRCs) in this paper. We first review and examine all IRCs schemes known to us and evaluate each scheme against the practical requirements in CAPTCHA applications, particularly in large-scale real-life applications such as Gmail and Hotmail."
I wonder how long until we have no way of distinguishing a bot from a person. existing CAPTCHAs don't work all that well, and I can't see future ones working much better for very long. The Cylons are among us! Any one of us could be one!
There are only so many such images available for use, and the image library could fairly easily be exhausted and all of the images correctly identified at which point a bot could be used with near-100% accuracy.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
At some point, CAPTCHAs will reach the point where ONLY a bot can get past them.
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
Then they’re designed wrong.
You should at least skim over the paper, that’s actually a significant portion of what it’s focused on... finding something that humans are good at and bots are not. As better bots have been written, that may have changed significantly... most present CAPTCHA systems are relatively broken.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Seriously, what use of are captchas anymore when they pay actual humans to do the dirty work? I got like hundreds of fake users with IPs from India and China in my forums, that sign up just for putting a CEO tailored message and URL in their signature.
Reverse image searches like TinEye blow this idea out of the water before it's even begun.
May the Maths Be with you!