NYCPHP Meetup

[John Coggeshall]

Forgive me if this has already been mentioned, but the reality is when
it comes to captcha there is really a very very low tech requirement for
them to be very effective, and going too much beyond that isn't going to
buy you very much. What I mean is, you can probably get away with a
text-based captcha (see the comment form on my blog at
http://www.coggeshall.org/)... Which is going to stop 99% of the people
in the world. If you are actually concerned, I wouldn't even worry about
someone doing OCR as its really not worth their time. Rather, if someone
is looking to do that they will setup a porn site and make people type
in the word they see in the box in order to see their porn and go that
route -- which is exactly what happens with Yahoo!

John



On Thu, 2004-08-26 at 12:20, Daniel Convissor wrote:
> Hi Joel:
> 
> Getting back to this aging thread...
> 
> On Thu, Jul 22, 2004 at 04:06:02PM +0000, Joel De Gan wrote:
> > Are you talking about how to keep crackbots out? or how to crack one one
> > of these?
> 
> Keeping crackers out.
> 
> 
> > I have done a lot of work in cracking captcha's (and have published code
> > all over about it).
> 
> Thanks for your great advice.
> 
> I have a few questions...
> 
> * Does it matter what type of image is used?  I'd guess JPEG's lossy,
> somewhat imprecise, nature would be a _little_ harder for bots to 
> decipher.
> 
> * I'm using fuzzy fonts, but they may be a bit _too_ fuzzy for humans 
> to easily figure out.  I'm pondering if it would be better to use 
> cleaner fonts, but split each letter in half along a random axis and 
> then move the two halves apart a little bit in a random direction.  
> This would likely thwart attempts to use the font files to reverse 
> engineer the characters.
> 
> 
> Anyway here's my CAPTCHA implementation thusfar...
> 
> The source of the image generation is at:
> http://cvs.php.net/co.php/pearweb/public_html/captcha-image.php
> 
> and the value generation is at the bottom of:
> http://cvs.php.net/co.php/pearweb/include/pear-format-html.php
> 
> In order to allow testing before deployment, the code I posted doesn't
> generate images on the form pages yet.  To see what the CAPTCHAs look
> like, go to this page to initialize a captcha session var:
> http://pear.php.net/bugs/bug.php?id=14&edit=3
> 
> Then view the image here:
> http://pear.php.net/captcha-help.php
> 
> Please let me know what you think.
> 
> 
> > The main issue here with this one is the random line(s) and the opacity.
> 
> Opacity?  How would I tweak that for a particular object?  I didn't 
> see any related functions in the php gd man page.  I am juggling 
> colors, though.
> 
> Thanks,
> 
> --Dan