Learn More
Resend Email
2
typosaurus
237d

I think i came up with the ultimate captcha. A gif that displays four numbers, one by one in current position. There's always one number displayed. I do not think that AI can recognize it without some nasty adjustments while it's very clear for humans. A while ago I had to do a captcha with six questions and failed it a few times. Wtf.

The site I'm working on will have this captcha soon. I make a microservice in C that will create a captcha equal to the last url parameter, the four digit number. By giving the number yourself as parameter you know what to validate with later at post. I probably include the answer hashed with some salt in a hidden field to compare answer with so it works if you have two tabs open

random

captcha

ai

numbers

gif
Favorite
Ranter
Comments
  • 1
    237d
    Wow, this one is nice too: https://dev.to/vivirenremoto/...
  • 0
    237d
    I do see other gif captcha's but they make the mistake by showing all digits at once. In that case AI doesn't even care if it's a gif
  • 1
    237d
    it's an interesting idea, and it might work. up to the point when attackers know it exists.

    then, it's a trivially simple matter of "rendering the gif layers side to side, instead temporally one after another, then running it through the same OCR that's been working for ages". keep in mind that your _file_ contains all digits "all at once", and displaying it the intended way is basically just a user preference.

    with the bonus of new accessibility problems for people with vision impairments, as well as introducing the error of "typing 2341 instead of the shown 1234 because the user started watching the gif at $TheWrongTime".
  • 2
    237d
    you _might_ be able to partially fix this by providing a highly compressed video file instead, since this introduces the IMHO best bot-prevention technique of "making it computationally expensive"
  • 1
    237d
    A couple of years ago, giving simple instructions or basic reasoning would have been nice. LLMs killed it before it was needed.
  • 0
    237d
    @tosensei wrong sequence wouldn't happen since as I stated the digits will be shown at their own position like this: [][2][][]. The user knows what beginning and end is. The file contains all digits, yes, but there's no frame showing them all at once.

    Rendering to video isn't a bad idea, they won't expect it as captcha
  • 0
    237d
    Someone has done all the work already: https://github.com/skeeto/.... It doesn't include a lib what I normally prefer, but for creating a gif I would use one
  • 2
    237d
    I'm not sure why you think an AI couldn't crack this.

    This is crackable today
  • 0
    237d
    @lungdart I'm sure it wouldn't, there's no captcha like it. Why would it be able to crack it
  • 1
    237d
    Am happy you are used C . I built one in python flask ... hehehehe we all no wat happens ... the app is in production
  • 1
    237d
    @codePain nice, Google is easy delivery indeed. my c applications do reach production usage, no issues with it. They won't drain 100% cpu full time while being slow. Also, aiohttp is cooler than flask. My site is written in aiohttp and uses a self written in C rest server. The rest server is both pubsub and db. All works perfect.

    Sad that nobody uses quart python frwmework. I think because asyncio is overrated. Aiohttp is better tho, class based views and easy to chain apps under urls. So your modules are also complete apps, technically there's no difference in hierarchy of a main app and modules what is the case on django. Flask blueprints are horrible
  • 1
    236d
    @retoor because it understands image formats, and can reason about image contents.
  • 2
    236d
    @retoor "there's no captcha like it" as i previously indicated: this argument will hold exactly up to the point when the first attacker sees it anywhere.

    it's basically "security by novelty". which isn't any actual security.
  • 0
    236d
    @tosensei yh but isn't every captcha?
  • 0
    236d
    @retoor no, working captchas are "security by making cracking it more expensive than the expected gain"
  • 0
    236d
    @tosensei sometimes.. But someone has to code it still. I don't expect that an llm can learn it by itself, waiting until every letter flashed and collect them. AI doesn't do new stuff.

    I don't like the web part at all of my new project tbh. The development of it is quite boring and captcha doesn't have high priority
  • 0
    236d
    @retoor the ai does not need to "watch" the gif animation.

    the ai just gets the raw image data as input. which is a set of layers, each one containing one digit. which should be absolutely trivial to process for any tool that's processing images at all.
  • 0
    236d
    @tosensei I'm still sure it won't crack it yet - AI doesn't learn smth new itself
  • 0
    236d
    @retoor it doesn't _need_ to learn something. "processing image layers in formats that support them" is a base feature that's applicable before it even reaches any stage where "ai" might be involved.
Related Rants
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment