1 |
On Thu, May 28, 2009 at 12:20:35AM +0200, Marijn Schouten (hkBst) wrote: |
2 |
> The reCAPTCHA page mentions[1] that simple text recognition (with minimal |
3 |
> distortion) is easy to do with computer programs. |
4 |
I think you misread part of that page. |
5 |
The sentence in question is (added emphasis mine): |
6 |
"For example, the CAPTCHAs ***shown below*** can all be broken using image |
7 |
processing techniques, mainly because they use a consistent font." |
8 |
(and there is an image comprised of several past generations of |
9 |
captcha). |
10 |
|
11 |
reCAPTCHA breakage rates remain lower than other captcha variants, since |
12 |
the source material is not generated, comes from old books. |
13 |
|
14 |
Nowhere did I claim that captchas could not be defeated. |
15 |
- Web-service to do it for you: |
16 |
http://www.captchakiller.com/ |
17 |
- How 4chan did it (in the end, actually attacking the methodology of |
18 |
reCAPTCHA - any word submitted consistently for the same testcase |
19 |
wins, regardless of actually matching): |
20 |
http://musicmachinery.com/2009/04/27/moot-wins-time-inc-loses/ |
21 |
- From DEFCON 2008: |
22 |
http://captchatalk.com/ |
23 |
|
24 |
Then there are all the folk that realize you can outsource the problem |
25 |
to humans in third world countries cheaper or on porn sides than the |
26 |
processing time required to attack via OCR. |
27 |
|
28 |
> Given that the calculus-captcha are non-distorted LaTeX'ed formulas we |
29 |
> should therefore probably assume that computers can read those |
30 |
> formulas. They only seem to have very few kinds of questions (zeros of |
31 |
> small polynomials, differentiation of some trigonometric functions |
32 |
> (only cos and sin), arithmetic), all of which are extremely simple |
33 |
> especially for a program[1]. If this CAPTCHA becomes widespread |
34 |
> someone WILL break it. |
35 |
I gave the calculus captcha as a joke, and I'm surprised nobody called |
36 |
me on it. The level of human required to correctly answer some of the |
37 |
actual calculus questions is beyond a lot of our user-base (no offense |
38 |
to them, but they just haven't covered that in formal or informal |
39 |
education). |
40 |
|
41 |
The captcha just needs to be passably good enough to protect a single |
42 |
text field of the email address to subscribe. |
43 |
|
44 |
The only other complaint of value in this thread thus-far was Dale |
45 |
noting that he's one of the users that would need the audio variant, but |
46 |
doesn't have enough bandwidth (stuck on very slow dialup) to stream it. |
47 |
To address that then, as it's only going to be a small percentage, I'm |
48 |
going to have a message at the bottom of the page, telling that subset |
49 |
of users to just email me as the list postmaster. |
50 |
|
51 |
-- |
52 |
Robin Hugh Johnson |
53 |
Gentoo Linux Developer & Infra Guy |
54 |
E-Mail : robbat2@g.o |
55 |
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 |