What Is a CAPTCHA ?

January 02, 2018 0


What Does CAPTCHA Stand For?
CAPTCHA is an acronym from Carnegie Mellon University. It stands for "Completely Automated Public Turing test to tell Computers and Humans Apart". This is a rather obnoxious acronym, but the term has become the standard moniker for these simple human-or-robot tests.

How Do CAPTCHAs Work?

CAPTCHAs work by asking you to type a phrase that a robot would be hard-pressed to read. Commonly, these CAPTCHA phrases are .gif pictures of scrambled words, but can also be .mp3 voice recordings. These pictures and recordings are very hard for conventional software programs to understand, and hence, robots are usually unable to type the phrase in response to the picture or recording

GUIDELINE
  • Accessibility. CAPTCHAs must be accessible. CAPTCHAs based solely on reading text — or other visual-perception tasks — prevent visually impaired users from accessing the protected resource. Such CAPTCHAs may make a site incompatible with Section 508 in the United States. Any implementation of a CAPTCHA should allow blind users to get around the barrier, for example, by permitting users to opt for an audio or sound CAPTCHA.
  • Image Security. CAPTCHA images of text should be distorted randomly before being presented to the user. Many implementations of CAPTCHAs use undistorted text, or text with only minor distortions. These implementations are vulnerable to simple automated attacks.
  • Script Security. Building a secure CAPTCHA code is not easy. In addition to making the images unreadable by computers, the system should ensure that there are no easy ways around it at the script level. Common examples of insecurities in this respect include: (1) Systems that pass the answer to the CAPTCHA in plain text as part of the web form. (2) Systems where a solution to the same CAPTCHA can be used multiple times (this makes the CAPTCHA vulnerable to so-called "replay attacks"). Most CAPTCHA scripts found freely on the Web are vulnerable to these types of attacks.
  • Security Even After Wide-Spread Adoption. There are various "CAPTCHAs" that would be insecure if a significant number of sites started using them. An example of such a puzzle is asking text-based questions, such as a mathematical question ("what is 1+1"). Since a parser could easily be written that would allow bots to bypass this test, such "CAPTCHAs" rely on the fact that few sites use them, and thus that a bot author has no incentive to program their bot to solve that challenge. True CAPTCHAs should be secure even after a significant number of websites adopt them.
  • Should I Make My Own CAPTCHA? In general, making your own CAPTCHA script (e.g., using PHP, Perl or .Net) is a bad idea, as there are many failure modes. We recommend that you use a well-tested implementation such as reCAPTCHA.
    • Tags:

    No comments

    Subscribe to: Post Comments ( Atom )

    Anime information

    Never vistit Click Ads from PTC Sites

    Can you believe I have earned more than $80,000 (INR 4.5 Million) just from PTC sites (Paid to Click Sites). There are dozens of best PT...

    Powered by Blogger.