Slashdot Mirror


Researchers Dare AI Experts To Crack New GOTCHA Password Scheme

alphadogg writes "If you can't tell the difference between an inkblot that looks more like 'body builder lady with mustache and goofy in the center' than 'large steroid insect with big eyes,' then you can't crack passwords protected via a new scheme created by computer scientists that they've dubbed GOTCHA. GOTCHA, a snappy acronym for the decidedly less snappy Generating panOptic Turing Tests to Tell Computers and Humans Apart, is aimed at stymying hackers from using computers to figure out passwords, which are all too often easy to guess. GOTCHA, like its ubiquitous cousin CAPTCHA, relies on visual cues that typically only a human can appreciate. The researchers don't think that computers can solve the puzzles and have issued a challenge to fellow security researchers to use artificial intelligence to try to do so. You can find the GOTCHA Challenge here."


  1. You've gotta be kidding me by artor3 · Score: 5, Informative

    Did the researchers ever try having someone not on their team pass this test? There's no way anyone could figure out which ink blot is which unless they were involved in the naming process.

    1. Re:You've gotta be kidding me by blane.bramble · Score: 5, Informative

      That is the whole point I believe - as part of the process *you* name the ink blots that were generated for you. Then next time you log in you match them back up.

    2. Re:You've gotta be kidding me by dido · Score: 4, Informative

      I not only read the article but also the associated paper, and it seems that the proposed scheme involves precisely that. They generate some random inkblots and you have to give them some imaginative descriptions. Nevertheless I remain unconvinced that this is a good idea from a usability standpoint. I haven't even been able to find a link to a working mock-up of the system in action, so I could try it out.

      --
      Give me six lines written by the hand of the most honest of men, and I will find in them something to hang him.
  2. Even I can't crack these... by ignoramus · Score: 2, Informative

    According to this challenge, I'm totally failing the Turing test. Is http://www.cs.cmu.edu/~jblocki/GOTCHA-Challenge_files/Account%200Inkblot4.jpg really a "robot on a skateboard like thing" to anyone here? What am I missing?

  3. Re:tried it by Chatterton · Score: 4, Informative

    You just don't need to remember 1 password, but 11 of them to log in... What an improvement !!! :)

  4. Re:tried it by Dachannien · Score: 5, Informative

    Presumably, in a real-world scenario, you give your own labels when you register for an account. This would hopefully mean you would form a persistent correlation between the labels and the images. But their multicolor inkblots are so indistinct from each other that I think I would have difficulty labeling each image in the first place.

  5. Re:MechanicalTurk by leonardluen · Score: 3, Informative

    I believe what happens is that the "bad guys" set up a page containing free porn. But in order to view the porn you have to solve a captcha.

    When a horny teenager shows up to look at the porn, a bot goes out to the target site you want to compromise and grabs their captcha. You then present the captcha to the horny teenager and have them solve it for you. The bot then enters the info on the target site and just "proved" it was human and so now can do things that only humans are allowed to do. Meanwhile the horny teenager is happily looking at the free porn and will probably come back the next day to solve another captcha for you.