Posted by Mike P2 on 05/09/07 23:34

On May 9, 1:25 pm, "Jon Slaughter" <Jon_Slaugh...@Hotmail.com> wrote:
> I was thinking about a way to use a similar idea but to dramatically
> increase the ability to thawrt bots.
>
> The idea is to use the idea that humans can use context and patterns to
> understand much better than computers in such cases as the following,
>
> http://www.simplebits.com/notebook/2004/01/16/mipellssed_wdors.html
>
> So the idea is to ask the user a very simple questions that is written using
> misspelled words and such so that it makes it almost impossible for
> computers to recognize what the answer is. The question can be graphically
> manipulated so that its also visually harder to figure out like a normal
> captcha.
>
> Besides changing the order of the letters in a word one can deliberately
> change letters so that the word doesn't make sense but in the context is not
> difficult for a human. One can even use bad grammar and a few other things
> to make it more difficult.
>
> I was thinking that one could create a very large database of such things in
> different languages that sites could use.
>
> What do you guys think?
>
> Jon

Cool idea!

Don't let up on scrambling the image, though, because I think it would
then still be possible for coders to decode the image into plain text
(like they do now) and bruteforce every possible mix of the letters
against your database, if anyone who can pay you with Paypal can get
their hands on a copy of the database. Or better yet, a MySQL 'LIKE'
comparison with a wildcard in the middle.

I think another important factor in human verification images would be
differentiation between websites. All phpBB forums using the same
CAPTCHA code would be easier to write a script for that can fool all
of them than many distributions of a verification image script that
acts slightly different depending on it's environment, like whoever
manages the website can make their own backgrounds, or add some more
variation by entering a secret word or number on which calculations
will be based.

Good luck!

-Mike PII

• Next in forum: Re: Complete newbie looking for a little help
• Prev in forum: Re: Complete newbie looking for a little help
• Thread view: Re: captchas

[Reply to this message]