fancy /mathematical /insecure /unobfuscated /reused captchas

A few days ago, Gunnar told me about a quite curious captcha:


But, on the other hand, it had been implemented insecurely. With just one answer, you can submit many times:

Furthermore, I noticed that the captcha was precomputed and, therefore, finite and reused. I made more than 15,000 requests and fewer than 5% were unique (there is no motivation to solve 700 differential equations :P).

Moral: Sometimes, extravagance goes against security.
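An added example, not code from the original post or from the site it describes: a server-side sketch contrasting the replayable check with one where each challenge is generated fresh, expires, and is consumed on its first verification attempt. All class and function names are hypothetical, and the addition generator is an assumed stand-in for whatever question type a site uses.

```python
import hmac
import secrets
import time

class ReplayableCaptcha:
    """Flawed pattern from the post: a fixed pool whose ids stay valid after use."""
    def __init__(self, pool):
        self.pool = {cid: str(ans) for cid, ans in pool.items()}

    def verify(self, challenge_id, answer):
        expected = self.pool.get(challenge_id)
        # Nothing is consumed, so one solved answer can be submitted many times.
        return expected is not None and hmac.compare_digest(
            expected.encode(), str(answer).encode())

def fresh_addition():
    """Assumed generator: a new random question per request, not a precomputed pool."""
    a, b = secrets.randbelow(90) + 10, secrets.randbelow(90) + 10
    return f"{a} + {b} = ?", a + b

class SingleUseCaptcha:
    """Each issued challenge gets a random token that is valid for one attempt."""
    def __init__(self, generate=fresh_addition, ttl=120, clock=time.monotonic):
        self.generate, self.ttl, self.clock = generate, ttl, clock
        self.pending = {}  # token -> (expected answer, expiry time)

    def issue(self):
        now = self.clock()
        # Drop expired challenges so unanswered tokens do not accumulate.
        self.pending = {t: e for t, e in self.pending.items() if e[1] > now}
        question, answer = self.generate()
        token = secrets.token_urlsafe(16)
        self.pending[token] = (str(answer), now + self.ttl)
        return token, question

    def verify(self, token, answer):
        # pop() consumes the token whether the answer is right or wrong,
        # which blocks both replay and repeated guessing on one challenge.
        entry = self.pending.pop(token, None)
        if entry is None:
            return False
        expected, expires_at = entry
        if self.clock() > expires_at:
            return False
        return hmac.compare_digest(expected.encode(), str(answer).encode())
```
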

4 thoughts on “fancy /mathematical /insecure /unobfuscated /reused captchas”

  1. Well... you are right. My English is bad, even worse if it's math terminology. Which is the correct name, derivative account?

    In fact, many of the requests return simple additions or polynomial roots.

  2. Yeah, from a security perspective, the design sucks in a multitude of ways. They seem to have made a point of making the answers easy to compute by hand, so all answers are small integers. Also, as you noted, they're reused and reusable. Still, they're cute and I think they might be (sorta) doing their job of keeping out common bots and people who couldn't possibly need the service. At least it's better than the "logic puzzles" (their term) used on the page of many a congressperson.
