"Jason Wong" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]... > On Saturday 04 May 2002 04:58, Hugh Bothwell wrote: > > NOTE that for someone sufficiently persistent, they could still > > pattern-match the generated image to retrieve the number and > > auto-register that way. (I could write a PHP file to do that, too :-) > > The pics generated by services like Yahoo are distorted and thus are > extremely difficult to OCR.
Yahoo apparently uses a mixture of static, marble, grid, colored background, ripple, and warp to obfuscate images. They don't seem to vary the typeface, size, spacing, or alignment of their font, although they do randomize the location. Of these, only ripple and warp seem inherently difficult to OCR. They also weaken it by using only short dictionary words; this could be useful in an attack (ie if the result is not a word in the dictionary, scrap it and start fresh). Yahoo links to an interesting page at Carnegie-Mellon: http://www.captcha.net/ They use a different scheme here; they show a set of six images and ask for a 'theme' word that describes them. Me being a skeptic, I wonder how many image sets they actually have and guess not more than 200 or so; it seems that a sufficiently determined person could catalog a decent-sized subset and automate an attack that way (of course, they could always obfuscate their images to some degree...). ... and the race continues ;-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
