Re: Simple CAPTCHA?

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Simple CAPTCHA?
From: Mike Pall <mikelu-0708@...>
Date: Sun, 19 Aug 2007 22:25:37 +0200

Hi,

PA wrote:
> Anyone has a suggestion for a simple (simplistic?) CAPTCHA mechanism? 

[ ] Check this box if you are human
Don't insert anything in this field: [        ]

It helps to make the internal names of the input fields random
with some (slow) time variation. Should work well enough unless
you're designing Yahoo's account creation page. Don't raise the
barrier higher than you need to -- diversity helps here.

> Here is a rather feeble attempt which generates a simple mathematical 
> question (e.g. 27 + 58), compute its result (85), and generates a HMAC 
> of the challenge using its result as the key (e.g. HMAC( '85', '27 + 
> 58' ) ) for later validation:

Umm, you need to protect against replay attacks ... and there are
many more known attacks against CAPTCHAs. If circumventing them
makes big money, somebody will find a way to do it. So, unless
you continually evolve your CAPTCHAs, you'll loose the game:
  http://www.boingboing.net/2004/01/27/solving_and_creating.html

But if you must ... try to avoid reinventing the wheel:
  http://recaptcha.net/

Bye,
     Mike

References:
- Simple CAPTCHA?, PA

Prev by Date: Simple CAPTCHA?
Next by Date: Re: Features you would like to see
Previous by thread: Simple CAPTCHA?
Next by thread: RE: Simple CAPTCHA?
Index(es):
- Date
- Thread