(no subject)

Date: 2007-05-07 02:32 pm (UTC)
From: [identity profile] emilytheslayer.livejournal.com
I like being told I'm a human! It's cute and kind of fun and every captch comes with it's own kitten chaser! I approve.

Cute idea, though

Date: 2007-05-07 02:42 pm (UTC)
From: [identity profile] allah-sulu.livejournal.com
Since there are twelve images, and each only has two states (cat or not cat), there is a one in 4096 chance of guessing the correct answer...

And since there are so few combinations (compared to, say, a sequence of six letters, of which there are 308,915,776 possible combinations) this method would be easier for brute-force bots to hack by guessing all possible answers.

Re: Cute idea, though

Date: 2007-05-07 03:20 pm (UTC)
From: [identity profile] wishiwasnt.livejournal.com
Except that it picks new images and reshuffles each time you submit. You can't brute force it.

Re: Cute idea, though

Date: 2007-05-07 03:38 pm (UTC)
From: [identity profile] allah-sulu.livejournal.com
But if you have a 1 in 4096 chance of guessing correctly each time, then you're still more likely to guess it over time than you are to guess when there's a 1 in 308,915,776 chance of success.

If you can't guess each combination until you hit the right one, then you keep guessing the same combination until that one just happens to be the correct one.

So you can still brute force it.

Re: Cute idea, though

Date: 2007-05-07 03:49 pm (UTC)
From: [identity profile] wishiwasnt.livejournal.com
Ah, now I see what you're saying.

Re: Cute idea, though

Date: 2007-05-07 03:51 pm (UTC)
From: [identity profile] allah-sulu.livejournal.com
According to the How secure is Asirra? (http://research.microsoft.com/asirra/security.aspx) page: "if we see more than 500 failed HIPs from a single IP address in a single day, we put that IP into a "penalty box," scoring all HIPs as wrong until several hours elapse."

If you make 500 random guesses, there is a 11.4927057% chance that one (or more) of those 500 guesses will be correct. From a security standpoint, that's an awfully high number. That's from a single 500-attempt brute force attack from a single IP. If the site trying to get in uses multiple IPs and/or waits for the "several hours [to] elapse" before resuming the attack, they are certain to get past the security in relatively short order.

For sites like LiveJournal, you only have to pass the test once in order to create an account. Once that account is created, you can get back in at any time. This is extremely common, as the typical user is not likely to put up with being forced to take this test every single time he wants to access a site. The dog/cat test might be cute once, or even twice, but every single access, all day long, day in and day out? Not likely.

4096 possible combinations are simply not enough for any serious security system. That's only twelve bits, at a time when HD-DVD has moved from forty to 128-bit encryption. (For all the good it's done them, heh.)

(no subject)

Date: 2007-05-07 02:45 pm (UTC)
From: [identity profile] yud.livejournal.com
Having that "Adopt Me" link under ever photo seems like it defeats the purpose of the whole thing, since if you follow that link it brings up an info page with "Dog" or "Cat" right up at the top.

(no subject)

Date: 2007-05-07 05:20 pm (UTC)
From: [identity profile] terracinque.livejournal.com
At last my days of failing Turing tests are behind me!

(no subject)

Date: 2007-05-07 05:57 pm (UTC)
From: [identity profile] mere-bystander.livejournal.com
I like this much better than the mangled numbers and letters, but allah_sulu has a point.

(no subject)

Date: 2007-05-07 09:55 pm (UTC)
From: [identity profile] ewin.livejournal.com
That's just COOL! I would totally look at pictures of cute cats and dogs to prove that I'm a human.

(no subject)

Date: 2007-05-07 10:10 pm (UTC)
phantom_wolfboy: (humour)
From: [personal profile] phantom_wolfboy
I now have positive proof of my humanity!

Profile

yendi: (Default)
yendi

February 2024

S M T W T F S
    123
45678910
11121314151617
1819 2021222324
2526272829  

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags