| 1 |
On Thu, May 28, 2009 at 12:20:35AM +0200, Marijn Schouten (hkBst) wrote: |
| 2 |
> The reCAPTCHA page mentions[1] that simple text recognition (with minimal |
| 3 |
> distortion) is easy to do with computer programs. |
| 4 |
I think you misread part of that page. |
| 5 |
The sentence in question is (added emphasis mine): |
| 6 |
"For example, the CAPTCHAs ***shown below*** can all be broken using image |
| 7 |
processing techniques, mainly because they use a consistent font." |
| 8 |
(and there is an image comprised of several past generations of |
| 9 |
captcha). |
| 10 |
|
| 11 |
reCAPTCHA breakage rates remain lower than other captcha variants, since |
| 12 |
the source material is not generated, comes from old books. |
| 13 |
|
| 14 |
Nowhere did I claim that captchas could not be defeated. |
| 15 |
- Web-service to do it for you: |
| 16 |
http://www.captchakiller.com/ |
| 17 |
- How 4chan did it (in the end, actually attacking the methodology of |
| 18 |
reCAPTCHA - any word submitted consistently for the same testcase |
| 19 |
wins, regardless of actually matching): |
| 20 |
http://musicmachinery.com/2009/04/27/moot-wins-time-inc-loses/ |
| 21 |
- From DEFCON 2008: |
| 22 |
http://captchatalk.com/ |
| 23 |
|
| 24 |
Then there are all the folk that realize you can outsource the problem |
| 25 |
to humans in third world countries cheaper or on porn sides than the |
| 26 |
processing time required to attack via OCR. |
| 27 |
|
| 28 |
> Given that the calculus-captcha are non-distorted LaTeX'ed formulas we |
| 29 |
> should therefore probably assume that computers can read those |
| 30 |
> formulas. They only seem to have very few kinds of questions (zeros of |
| 31 |
> small polynomials, differentiation of some trigonometric functions |
| 32 |
> (only cos and sin), arithmetic), all of which are extremely simple |
| 33 |
> especially for a program[1]. If this CAPTCHA becomes widespread |
| 34 |
> someone WILL break it. |
| 35 |
I gave the calculus captcha as a joke, and I'm surprised nobody called |
| 36 |
me on it. The level of human required to correctly answer some of the |
| 37 |
actual calculus questions is beyond a lot of our user-base (no offense |
| 38 |
to them, but they just haven't covered that in formal or informal |
| 39 |
education). |
| 40 |
|
| 41 |
The captcha just needs to be passably good enough to protect a single |
| 42 |
text field of the email address to subscribe. |
| 43 |
|
| 44 |
The only other complaint of value in this thread thus-far was Dale |
| 45 |
noting that he's one of the users that would need the audio variant, but |
| 46 |
doesn't have enough bandwidth (stuck on very slow dialup) to stream it. |
| 47 |
To address that then, as it's only going to be a small percentage, I'm |
| 48 |
going to have a message at the bottom of the page, telling that subset |
| 49 |
of users to just email me as the list postmaster. |
| 50 |
|
| 51 |
-- |
| 52 |
Robin Hugh Johnson |
| 53 |
Gentoo Linux Developer & Infra Guy |
| 54 |
E-Mail : robbat2@g.o |
| 55 |
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 |
Archives