Shortcomings in CAPTCHA Design and Implementation: Captcha2, a Commercial Proposal
نویسندگان
چکیده
Many CAPTCHA proposals have shortcomings in their design or implementation that make themmuch weaker than intended. In this paper we study Captcha2, a commercial algorithm, as a means of showing typical flaws that make many CAPTCHAs prone to successful low-cost attacks. The attack we present makes no use of any AI techniques, not affecting the resilience of the original AI problem this CAPTCHA is (supposedly) based upon. That’s why it can be considered a pure side-channel attack. We conclude with some tips for improving this CAPTCHA, which can be also used as general guidelines for avoiding a certain family of very common flaws.
منابع مشابه
Privacy-preserving, user-centric VoIP CAPTCHA challenges: An integrated solution in the SIP environment
Purpose In this work we argue that it is possible to address discrimination issues that naturally arise in contemporary audio CAPTCHA challenges and potentially enhance the effectiveness of audio CAPTCHA systems by adapting the challenges to the user characteristics. Design/methodology/approach We design a prototype, called PrivCAPTCHA, to offer privacy-preserving, user-centric CAPTCHA challeng...
متن کاملA CAPTCHA in the Text Domain
Research on CAPTCHA has led CAPTCHA design into adopting almost exclusively graphical implementations that deal mostly with character recognition. This has reached an exhaustion point, where new approaches are vital to the survival of the technique. This paper discusses the early stages of a research that intends to solve the open problem of a CAPTCHA in the text domain offering, this way, inno...
متن کاملProposal for \"Rationalizing\" The Rate of Profit of Bank Loans: A Critique
In winter 1383, the center for Research of Majlis Shura Islamic of Iran (CRMSII) published a proposal on the logic of the prevailing profit rate that the commercial banks pay/charge on long-term bank loans requiring the executive branch of Islamic Republic to lower the average rate of profit by 4.5 percent within 18 months of passage of the bill by Majlis, to reduce government budget defi...
متن کاملPitfalls in CAPTCHA design and implementation: The Math CAPTCHA, a case study
We present a black-box attack against an already deployed CAPTCHA that aims to protect a free service delivered using the Internet. This CAPTCHA, referred to as ‘‘Math CAPTCHA’’ or ‘‘QRBGS CAPTCHA’’, requests the user to solve a mathematical problem in order to prove human. We study significant problems both in its design and its implementation, and how those flaws can be used to completely sol...
متن کاملRemotely Telling Humans and Computers Apart: An Unsolved Problem
The ability to tell humans and computers apart is imperative to protect many services from misuse and abuse. For this purpose, tests called CAPTCHAs or HIPs have been designed and put into production. Recent history shows that most (if not all) can be broken given enough time and commercial interest: CAPTCHA design seems to be a much more difficult problem than previously thought. The assumptio...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2010