Sla.ckers.org
How robots and spiders are causing issues, how to stop them. We can also talk about Completely Automated Public Turing Test To Tell Computers And Humans Apart - their use, their compliance issues, porn proxies, PWNtcha and other ways to defeat them. 
The best CAPTCHA ever
Posted by: Spyware
Date: September 04, 2007 02:13AM

What's the best CAPTCHA ever? Even if it's too complicated to use for normal usage, what would be the best CAPTCHA?

I think it's a few factors: first, a scan for brainwave activity. Then body temperature measurement for a few seconds, and finally a heartbeat scan for 30 seconds to ensure the computer user is human and real (and alive ;) ). After this the user should enter a user/pass before he/she can actually do something. If one of these tests fails, the action is aborted.

So, what do you guys think would make the perfect CAPTCHA?

Re: The best CAPTCHA ever
Posted by: kuza55
Date: September 04, 2007 03:19AM

That CAPTCHA is pretty useless since it needs to be administrable over a network, and anything an application sends can be faked.

Jeremiah Grossman had a fairly good set of tests which would constitute the best CAPTCHA: http://jeremiahgrossman.blogspot.com/2006/09/captcha-effectiveness-test.html

The ones we are yet to solve are tests 4 & 7:

4) Test should only be solvable by the human to which it was presented.
7) Test should not discriminate against humans with visual or hearing impairments.

----------------------------------------------------------
Don't forget our IRC: irc://irc.irchighway.net/#slackers
[kuza55.blogspot.com]

Re: The best CAPTCHA ever
Posted by: Spyware
Date: September 04, 2007 04:54AM

You could start encrypting data with an OTP; that would make it way harder to fake. You could write an algorithm to "merge" all the data of the login session in one or multiple keys, encrypt with OTP and then send.

Let's take a look at the list and apply it to my presented CAPTCHA:

1) Test should be administered where the human and the server are remote over the network.

Okay, this is true.

2) Test should be simple for humans to pass.
* Humans should fail less than 0.1% on the first attempt.

This is debatable. What is "easy" when it comes to security? In my case a person would have to sit in a chair equipped with some scanners.

3) Test should be solvable by humans in less than several seconds.

30 seconds is quite alright if you're dealing with classified information.

4) Test should only be solvable by the human to which it was presented.

You could compare the brainwave patterns, heartbeat and password to those that are stored in the database from previous login sessions. If this is not enough, throw in an IRIS scan and/or a fingerprint scan.

5) Test should be hard for a computer to pass

Can a computer "fake" brainwave patterns, body temperature, heartbeat rate, bruteforce a pass and pass the IRIS and fingerprint scans? (Assuming everything is protected with an OTP)

* Correctly guessing the answer should be less than 1 in 1,000,000, even after 24-hours of analysis.

In my case this would take eons to crack, I think.

6) Knowledge of previous test questions, answers, results, or combination thereof should not impact the predictability of following tests.

Dunno about this one. You can't really "bend" your heart rate and brainwave activity, so I think users can't re-enact a login session.

7) Test should not discriminate against humans with visual or hearing impairments.

Mine is completely usable for anyone, even with visual or hearing impairments.

8) Test should not possess a geographic, cultural, or language bias.

It doesn't.


So, start debunking this CAPTCHA :)

Re: The best CAPTCHA ever
Posted by: Super-Friez
Date: September 09, 2007 09:04AM

Kill the person, and see if blood comes out. Get a sample of the blood, and make sure it's human blood by testing to see if it's one of the human blood types, and not one of the sixty types cows have. Haha, just kidding! Although, it could work.
