Beating CAPTCHA-Crackers

A CAPTCHA That "can't" be cracked

A CAPTCHA That "can't" be cracked

Everyone is in this arms-race. Those who make CAPTCHAs, and those who want to crack them.

The solution for the former is simple: Animate them. I’m not talking about making a 6-frame looping GIF, whereby the cracker can steal a frame and crack at THAT, I’m talking about an animation where any one frame doesn’t have all of the information- Even each of the frames looked at on their own doesn’t have all of the information, but the sum of viewing them makes it obvious.

There are 6 frames to the CAPTCHA on the right. The number “4” and letter “K” are normal – if a cracking algorithm ripped these frames apart, they could trivially determine those. But the 8 is made of two frames- both of the letter “O”… The “X” is made up of two frames- one a “foreslash” the other a “backslash”. I’m not going to claim that this exact CAPTCHA is uncrackable, but the concept – spending more than 45 seconds in the Gimp- will yield a product that cannot be beaten by non-morphing algorithms, and I don’t see the CAPTCHA-cracking-clique getting that sophisticated for a few more years at least.

Go Forth And Code.

UPDATE 5/11: A colleague challenged that this could be beaten by a simple “flattening” algorithm, thus looking at all the frames at the same time. Again, the simple animation I made wasn’t meant has a true example, merely the gist. Introducing multi-color backgrounds, “erasing” parts of previous frames with future frames, among other techniques, would nullify the “flattening bypass”.

This entry was posted in Architecture, Opinions and tagged , , , . Bookmark the permalink.

1 Response to Beating CAPTCHA-Crackers

  1. Pingback: Video Captcha Prior Art | Out Of The Clouds

Leave a Reply

Your email address will not be published. Required fields are marked *