{"id":371,"date":"2009-04-21T16:47:05","date_gmt":"2009-04-21T20:47:05","guid":{"rendered":"http:\/\/mattwork.potsdam.edu\/blog\/?p=371"},"modified":"2012-03-05T10:08:10","modified_gmt":"2012-03-05T15:08:10","slug":"beating-captcha-crackers","status":"publish","type":"post","link":"http:\/\/www.matthewgkeller.com\/blog\/2009\/04\/21\/beating-captcha-crackers\/","title":{"rendered":"Beating CAPTCHA-Crackers"},"content":{"rendered":"
\"A

A CAPTCHA That "can't" be cracked<\/p><\/div>\n

Everyone is in this arms-race. Those who make CAPTCHA<\/a>s, and those who want to crack them.<\/p>\n

The solution for the former is simple: Animate them. I’m not talking about making a 6-frame looping GIF, whereby the cracker can steal a frame and crack at THAT, I’m talking about an animation where any one frame doesn’t have all of the information- Even each of the frames looked at on their own doesn’t have all of the information, but the sum of viewing them makes it obvious.<\/p>\n

There are 6 frames to the CAPTCHA on the right. The number “4” and letter “K” are normal – if a cracking algorithm ripped these frames apart, they could trivially determine those. But the 8 is made of two frames- both of the letter “O”… The “X” is made up of two frames- one a “foreslash” the other a “backslash”. I’m not going to claim that this exact CAPTCHA is uncrackable, but the concept – spending more than 45 seconds in the Gimp- will yield a product that cannot be beaten by non-morphing algorithms, and I don’t see the CAPTCHA-cracking-clique getting that sophisticated for a few more years at least.<\/p>\n

Go Forth And Code.<\/p>\n

UPDATE 5\/11: <\/strong>A colleague challenged that this could be beaten by a simple “flattening” algorithm, thus looking at all the frames at the same time. Again, the simple animation I made wasn’t meant has a true example, merely the gist. Introducing multi-color backgrounds, “erasing” parts of previous frames with future frames, among other techniques, would nullify the “flattening bypass”.<\/p>\n","protected":false},"excerpt":{"rendered":"

Everyone is in this arms-race. Those who make CAPTCHAs, and those who want to crack them. The solution for the former is simple: Animate them. I’m not talking about making a 6-frame looping GIF, whereby the cracker can steal a … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,12],"tags":[25,26,46,79],"class_list":["post-371","post","type-post","status-publish","format-standard","hentry","category-architecture","category-opinions","tag-captcha","tag-captcha-cracking","tag-gimp","tag-stupid"],"_links":{"self":[{"href":"http:\/\/www.matthewgkeller.com\/blog\/wp-json\/wp\/v2\/posts\/371","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.matthewgkeller.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.matthewgkeller.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.matthewgkeller.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.matthewgkeller.com\/blog\/wp-json\/wp\/v2\/comments?post=371"}],"version-history":[{"count":0,"href":"http:\/\/www.matthewgkeller.com\/blog\/wp-json\/wp\/v2\/posts\/371\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.matthewgkeller.com\/blog\/wp-json\/wp\/v2\/media?parent=371"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.matthewgkeller.com\/blog\/wp-json\/wp\/v2\/categories?post=371"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.matthewgkeller.com\/blog\/wp-json\/wp\/v2\/tags?post=371"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}