Comments - The Cutest Human-Test: KittenAuth

#171 /* 7 months, 9 days ago */

Problem with this whole idea is that computers can do it.
What if you came up with something computers don't do well, but people do?
I hate Captcha. I've built three of them this week. I would rather do ANYTHING else than write Captcha scripts, or use them.

The big issue though, seems to me, that people use Captcha as a substitute for proper programming.
You should always check your field lengths and data types, doing things like screening out line breaks, and limiting the number of times the form can be submitted in a set interval.

Captcha does not address any of it, and kittens doesn't seem to do it either.
My concern is that people will continue to take these sorts of shortcuts without attempting to do proper form validation.

Because you suck my fucking cock, you fucking nigger fag. Hail Hitler

Quote Profile

Sam Moshe Normal User

#172 /* 7 months, 9 days ago */

Your system is hopelessly flawed beyond the 1/84 brute force attack. Sounds or images, as long as they are not dynamically generated, an intelligent attacker will automatically remember the images that successfully logged them in for that corpus (say kittens), and soon they will have a copy of your corpus on their client side. So when they are presented with kittens again, they simply check your images against the ones they've already successfully logged in under kittens, and even if they've never seen those three on the same login challenge, if they've seen them separately, sorry.. its late, and my writing isn't very clear, but I think you can decipher what I'm saying. Depending on a corpus of size N, after AN attacks, the login success rate will have gone from 1/BN to 1/1 where A and B are hand wavy constants. And you're back to where you started, only it takes longer for legitimate visitors to post. Randomly cutting edges off of the image can significantly increase the size of your corpus, and identifying the slightly altered images and mapping them to an ideal - they'd never be able to get past that... oh wait. Style points for using cute animals, though.

Quote

Hole Inthebucket Anonymous User

#173 /* 7 months, 9 days ago */

I think its a great Idea. Arguably some aspect of the "bot defense" comes from just the shifting or changing around of the methods for authentication (not unlike changing money every few years so as to keep the counterfeiters guessing) - as there will have to be a bot/spammer "learning curve". Until such time as that arrives I think your method would be very effective, with it (more than likely) becoming somewhat less effective over time as more and more effort is expended by others in an attempt to defeat it. (which invariably happens to all security devices employed to stop these annoying time-wasters anyway) I also think the Idea of randomly generating the animal to be named is a fabulous way to elevate the complexity of the challenge for the bot computers.

MM
Denver, CO

Quote

Matt Metal Anonymous User

#174 /* 7 months, 9 days ago */

a spambot could just first download all images. let one man look at it and then store this is in the spambot. You would need A LOT of pictures to prevent any kind of attack in this matter. Your authentication technique will hold or break based on the number of different pictures you have available.

Quote Profile

Bjorn Normal User

#175 /* 7 months, 9 days ago */

Hi,

There is a problem here: you need a **large** database of images to prevent your system from being just 'backed-up' elsewhere. And this is not that difficult to do. Once someone has your complete database of images and he has run through them checking which are cats and which are not (this may take, say, a couple of days), the implementation of a bot is even easier than that of hotmail-gmail-yahoo mail's...

I *guess*.

Pedro.

Quote

Pedro Fortuny Ayuso Anonymous User

#176 /* 7 months, 9 days ago */

just wanted to see the kitten ;)

Quote

just trying Anonymous User

#177 /* 7 months, 9 days ago */

testing

Quote

johndoe Anonymous User

#178 /* 7 months, 9 days ago */

Why not make the number of kittens random as well, for instance, any number between 1-4. That would increase the number of combinations as well, I think.

Cheers,
Sander

Quote