On Thu, May 28, 2009 at 12:20:35AM +0200, Marijn Schouten (hkBst) wrote:
> The reCAPTCHA page mentions[1] that simple text recognition (with minimal
> distortion) is easy to do with computer programs.

I think you misread part of that page. The sentence in question is
(added emphasis mine):
"For example, the CAPTCHAs ***shown below*** can all be broken using image
processing techniques, mainly because they use a consistent font."
(and there is an image comprised of several past generations of captcha).

reCAPTCHA breakage rates remain lower than other captcha variants, since
the source material is not generated, but comes from old books.

Nowhere did I claim that captchas could not be defeated.
- Web-service to do it for you:
  http://www.captchakiller.com/
- How 4chan did it (in the end, actually attacking the methodology of
  reCAPTCHA - any word submitted consistently for the same testcase wins,
  regardless of actually matching):
  http://musicmachinery.com/2009/04/27/moot-wins-time-inc-loses/
- From DEFCON 2008:
  http://captchatalk.com/

Then there are all the folk that realize you can outsource the problem
to humans in third world countries cheaper or on porn sites than the
processing time required to attack via OCR.

> Given that the calculus-captcha are non-distorted LaTeX'ed formulas we
> should therefore probably assume that computers can read those
> formulas. They only seem to have very few kinds of questions (zeros of
> small polynomials, differentiation of some trigonometric functions
> (only cos and sin), arithmetic), all of which are extremely simple
> especially for a program[1]. If this CAPTCHA becomes widespread
> someone WILL break it.

I gave the calculus captcha as a joke, and I'm surprised nobody called
me on it. The level of human required to correctly answer some of the
actual calculus questions is beyond a lot of our user-base (no offense
to them, but they just haven't covered that in formal or informal
education).

The captcha just needs to be passably good enough to protect a single
text field of the email address to subscribe.

The only other complaint of value in this thread thus far was Dale
noting that he's one of the users that would need the audio variant, but
doesn't have enough bandwidth (stuck on very slow dialup) to stream it.

To address that then, as it's only going to be a small percentage, I'm
going to have a message at the bottom of the page, telling that subset
of users to just email me as the list postmaster.

-- 
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail   : robbat2@gentoo.org
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85