Comments - The Cutest Human-Test: KittenAuth

#151 /* 2 years, 9 months ago */

I found a link to this article on Adorablog and I had to check it out. Intellectually speaking, it's a very clever idea. On a slightly less cognitive level, I really want to click the kittens.

Quote

Lea Anonymous User

#152 /* 1 year, 6 months ago */

This system, in my opinion, does not offer a sufficient number of permutations in order to really protect anything. This has always been the case with picture-based captchas.

Quote

ben Anonymous User

#153 /* 1 year, 6 months ago */

I need not train a computer to recognize the contents of your image if I can train a computer to uniquely identify images compared to each-other (using a hash) and then brute-force until the identities of all images is known. If I can learn the identities of 3-4 images every 100 attempts or so (with rapidly increasing returns as I can eliminate or select for newly known images) it wouldn't be that long before the entire image library was exhausted.

The file name isn't the only distinguishing feature of an image -- the image data itself is subject to profiling.

My suggestion would be to manipulate each image in some random way (eg, a random colored 1px border) using something like ImageMagick. Though even that could be trivially reversed if it was the only manipulation performed. You would have to get pretty creative to design manipulations that can't be undone in a way that yields a uniquely identifiable blob of pixels. And once you start doing that, you are back to the same unrecognizable mess of visual distractions that text captcha's have become.

Regards,
Sam

Quote Profile

Sam Schinke Normal User

#154 /* 17 months, 7 days ago */

You could track IP addresses of failed attempts and blacklist that IP address after X failures.

As someone who is more likely to close a browser window/tab than bother with most captchas, I find this image grid technique a very refreshing alternative.

Note, you CAN use plain ASP for the images, without components. Binary read the picture file and spew it to the browser using the picture's MIME type. I've used a similar method to prevent image hotlinking, and since it's vanilla ASP I don't have to worry about what .NET may or may not be on the server.

Quote Profile

confirmed furball Normal User

#155 /* 17 months, 5 days ago */

I took a similar idea on a different approach

I'm woring with perl/cgi so I made a script that ouputs a random picture from a set of directories and a dropdown of possible answers.
say "cat, dog, car, building....."
The user identifies the picture subject by selecting it from a dropdown. To increase the complexity, just add multiple images, complexity is exponential as you add images.

If I have 7 types, and output 2 images then the chances are 1 in 7^2 for brute force, but if I have 20 types and put out 3 images brute force is now 1 in 20^3

Since I'm using CGI instead of PHP I store a id / answer match in a file with a timestamp and expire the match after a set period of time to prevent spammers from caching a valid id/answer pair.

Quote

Brandon Anonymous User

#156 /* 13 months, 8 days ago */

I am dyslexic so coping text and number wrongly works well for me. But I do know what a kitten looks like.

Quote

Sally Evans Anonymous User

#157 /* 11 months, 13 days ago */

I think using animal sounds would be a good way to authenticate for blind users. (Click all the boxes that make kitten sounds!) I think a "meow" would be easy for a person to recognize, but programming a bot to recognize "meow" vs. "moo" should be rather hard.

Quote

Meg Anonymous User

#158 /* 10 months, 14 days ago */

Silly suggestion but maybe it will spark something from someone else. What if the grid was a picture of one kitten and you had to slide the pieces around like a puzzle to "solve" the puzzle? Kind of like those little grid puzzles with the one piece missing. Except here you could slide the pictures directly into place without having to slide everything around the one missing piece.

Quote