Luciano's webpage

captchas: The Good, the Bad and the Ugly

October 31, 2007 at 2:17 am · Filed under sorry for my english, Uncategorized

Some months ago, I commented about a weak implementation in a fancy captcha. Today I would like to comment about other bad implementations, but in other ways.

The good

A captcha should have big Shannon entropy, finite, but big. The session ID and the challenge must not be reused. The images must be resistant to OCR but should be understandable by a human.

The bad

Here is the first example:

Believe it or not.. This is a real case. So incredible eh?

The ugly

The victim, in this case, is this one:
This is an implementation of captchanumbers, by Hadar Porat. This captcha and many others generated by captchanumbers are weak and can be read with this script.

The idea is simple. As the numbers are nearly in the same place, they can be cut. Those parts can compared independently, reducing the entropy. May be the script and this image would be more enlightening than my limited English:

The 10,000 possibilities was reduced to 159. No OCR, 100% deterministic.

Second moral: Understand the fundamentals first, write code later.

Permalink

RSS feed

1 Comment

Comment by anonymous

2008-02-06 10:22:29

I think you’ve already seen this http://recaptcha.net/ but just in case…

PS. The OpenId login is not working well

Eduardo Campañó

 

Sorry, the comment form is closed at this time.

• e-mail & PGP fingerprint

  • luciano(at)debian(dot)org
  • 53D7 3210 9C90 AAB2 11D8 0503 4164 D1B3 894B B479
• • RSS 2.0/Atom 0.3
  • My Photos / Mis Fotos
  • My Flickr
  • My Debian's Packages / Mis Paquetes en Debian

• My Twitter

  microluciano: RT @WisecWisec: dont' blame the messenger, blame the mitm

  Updated 2 days, 22 hours, 40 minutes ago

  microluciano: it's a fact: I like skiing.

  Updated Wed, 01 Feb 2012 17:13:34 +0000

  microluciano: @matiaskatz @rootedcon El proyecto sigue, pero yo ya no estoy involucrado.

  Updated Sun, 29 Jan 2012 19:10:53 +0000

  microluciano: RT @MarkBaggett: Alternatives to former google codesearch: http://t.co/SdCyEu5G http://t.co/xuY98GyZ http://t.co/GlbfmRR7 http://t.co/MY ...

  Updated Wed, 18 Jan 2012 19:24:45 +0000

  show older status

  hide older status

  microluciano: Nuevo post! http://t.co/cKzyNYWq

  Updated Mon, 16 Jan 2012 17:30:47 +0000

  microluciano: RT @NeckbeardHacker: Almost done with linux.js. Yes, it's my JavaScript implementation of the Linux kernel. Why are you looking at me ...

  Updated Mon, 16 Jan 2012 12:45:48 +0000

  microluciano: Back in Gothenburg. The house is gleam and tidy, with new plants and decoration. This place is slowly becoming a home...

  Updated Fri, 13 Jan 2012 00:28:54 +0000

  microluciano: RT @chriseppstein: Epic. nasa goes open source with projects on github: http://t.co/ryPrNEq2

  Updated Thu, 05 Jan 2012 19:09:07 +0000

  microluciano: RT @ortegaalfredo: Hackers from the future will crack all your passwords, troll them: aortega:IsleeptWithYourGreatgreatgreatgreatgrandmother

  Updated Thu, 05 Jan 2012 02:41:30 +0000

  microluciano: Avoid the movie theater this night and watch https://t.co/aZtCIsnB Your welcome.

  Updated Tue, 03 Jan 2012 18:00:49 +0000

  microluciano: RT @chiri_basilis: Lucía Etxebarría dice que no escribe más porque la gente piratea sus libros. Hernán Casciari la consuela en Orsai. ht ...

  Updated Thu, 22 Dec 2011 05:03:47 +0000

  microluciano: Recommended travel reading: Logicomix, by Doxiadis and Paradimitriou. It fits perfectly in a AF418 flight length.

  Updated Fri, 16 Dec 2011 17:36:04 +0000

  microluciano: Buenos Aires, I'm going!

  Updated Wed, 14 Dec 2011 11:53:29 +0000

  microluciano: Cosas que se aprenden viviendo en Suecia. Capítulo de hoy: Lucia http://t.co/ZFqoHG3R

  Updated Mon, 12 Dec 2011 21:41:59 +0000

  microluciano: strange Swedish thing #452: For the students, my "check mark" (✓) on the side of the exercises means "wrong" #wtf #swedishproblems

  Updated Sat, 10 Dec 2011 20:29:45 +0000

  microluciano: first snow in Gothenburg :)

  Updated Mon, 05 Dec 2011 23:20:12 +0000

  microluciano: Best. research paper abstract. evar. http://t.co/v25oGqjc (via @boingboing)

  Updated Thu, 24 Nov 2011 12:00:36 +0000

  microluciano: on the subject of the anniversary of the Stanisław Lem's first book, the today's google.ru doodle

  Updated Wed, 23 Nov 2011 08:11:22 +0000

  microluciano: At London with @gsarasate during the weekend. Don't wait me awake.

  Updated Fri, 18 Nov 2011 10:44:30 +0000

  microluciano: RT @eklectica: ███████ ███ ██ █████ http://t.co/iSkuyrkA una excelente reseña sobre la estupidez del lobby norteamericano, léanlo

  Updated Thu, 17 Nov 2011 12:12:15 +0000

• Categories

  • favorites
  • sorry for my english
  • life
    • activism
    • depression
    • ego
    • home
    • journeys & traveling
    • procrastination
    • sweden
      • Lessons learned…
  • geek
    • blogging
    • dark side
    • debian
      • planet
      • planeta
    • free software
    • python
    • social networking
  • wtf?!
  • math
    • probability & statistics
    • π
    • φ
  • crypto
  • security
    • openssl
  • academy
    • information flow
    • university
  • hardware
  • lectures & talks
  • books & reading
  • Uncategorized

• Recent Comments

  • peluzza on Corriendo Debian en un server fanless
  • Luciano's webpage » Corriendo Debian en un server fanless on Avancez
  • Damian on alchemy: jugando a ser dios (ó cómo hacer trampa con Python)
  • Ariel on Lessons Learned: Pubrunda
  • Fer on Lessons Learned: Pubrunda

• Archives

  • January 2012
  • December 2011
  • October 2011
  • September 2011
  • August 2011
  • June 2011
  • March 2011
  • February 2011
  • January 2011
  • December 2010
  • November 2010
  • October 2010
  • September 2010
  • August 2010
  • July 2010
  • June 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008
  • April 2008
  • March 2008
  • February 2008
  • January 2008
  • December 2007
  • November 2007
  • October 2007
  • September 2007
  • August 2007
  • July 2007
  • June 2007
  • May 2007
  • April 2007
  • March 2007
  • February 2007
  • January 2007
  • December 2006
  • November 2006
  • October 2006
  • September 2006
  • August 2006
  • July 2006
  • June 2006
  • May 2006
  • April 2006
  • March 2006
  • February 2006
  • January 2006
  • December 2005
  • November 2005
  • October 2005
  • September 2005
  • August 2005
  • July 2005
  • June 2005
  • May 2005
  • April 2005
  • March 2005
  • January 2005
  • December 2004

• Hosting donated by

  

Design by Beccary and Weblogs.us · XHTML · CSS