Posted by Jim Michaels on 02/18/06 07:20

"frizzle" <phpfrizzle@gmail.com> wrote in message
news:1139313323.133826.179460@o13g2000cwo.googlegroups.com...
> Jerry Stuckle wrote:
>> frizzle wrote:
>> > Thanks, indeed that's what i meant.
>> > Apparently it's a weaker system then i imagined.
>> > I guess i'll have to find another alternative again ... :(
>> >
>> > Greetings Frizzle.
>> >
>> >
>> > Jim Michaels wrote:
>> >
>> >>"frizzle" <phpfrizzle@gmail.com> wrote in message
>> >>news:1138227180.394441.177630@z14g2000cwz.googlegroups.com...
>> >>
>> >>>Carl Vondrick wrote:
>> >>>
>> >>>>You may want to look into Mcrypt
>> >>>>(http://us3.php.net/manual/en/ref.mcrypt.php). But, with Peter said,
>> >>>>what are you really try to achieve?
>> >>>
>> >>>What i'm trying to do is build a way of security that a human is
>> >>>submitting a form.
>> >>>I know there are ways out there already, but i also have other
>> >>>purposes
>> >>>in mind.
>> >>>
>> >>>Example:
>> >>>
>> >>>Image random generated according to key 1:
>> >>>
>> >>> image.php?txt=kjGKUGFfas8gkjafKfasdf
>> >>>
>> >>>The image is a php file, getting $_GET['txt'], decrypt it according
>> >>>key 1, and encrypt it according to key 2. The second encrypting
>> >>>becomes visible in the actual image.
>> >>>
>> >>>I have a have a hidden form field with the value of key 1, and the
>> >>>visitor has to insert the text from the image / key 2 into a form
>> >>>field.
>> >>>
>> >>>Then after posting i compare the decrypted hidden formfield's value
>> >>>against the user submitted value ( / image's value). if they match,
>> >>>the user read the image, and is human ...
>> >>
>> >>Not sure, but sounds like a CAPTCHA. They can be OCR'd
>> >>(http://www.ocr-research.org.ua/ ) from what I found in an earlier
>> >>post.
>> >>
>> >>
>> >>>It might sound stupid, sloppy or whatever, but i'm just trying to
>> >>>achieve my goal.
>> >>>
>> >>>Thanks.
>> >>>
>> >
>> >
>>
>> Why? Is this a high security site?
>>
>> OCR'ing CAPTCHA images does take time and effort - each one is typically
>> different. What would be on your site which would require that much
>> effort?
>>
>> Not to denigrate your site in any form - but the fact is, spammers
>> et.al. wouldn't bother with 99.99999% of the CAPTCHA images. They'll
>> just go onto another site.
>>
>> It's like your front door. Your lock isn't unpickable - it just
>> requires time and effort on a burglar's part to pick. However, you lock
>> your door anyway, because it's a deterrent - the burglar will most
>> likely move on (unless you're storing Fort Knox inside).
>>
>>
>> --
>> ==================
>> Remove the "x" from my email address
>> Jerry Stuckle
>> JDS Computer Training Corp.
>> jstucklex@attglobal.net
>> ==================
>
> Well you're probably right, but i also still haven't found a 'good'
> CAPTCHA method that doesn't rely on sessions.
>
> I'd like to have two inputs: 1 by the user, and one hidden formfield,
> each with their own decryption key, and compare those,
> but i haven't found a proper encryption / decryption function yet, that
> is good, but quite easy to understand (not to break! ;) )
>
> Frizzle.

use MD5 digits as an index into a dictionary array, and use soundex to
compare words in case they mistype, using only a subset of the md5 string?

>

[Back to original message]