On 3/20/06, Neil Harris <neil(a)tonal.clara.co.uk> wrote:
I tried to think of a good text-only captcha scheme some time ago, but
came up short.
The ideal text captcha is:
* endlessly variable (there must be at least millions of potential
challenges, to defend against replay attacks)
* easy for people to answer without any specialist knowledge
* easy to answer for people without advanced skills in the target language
* not generated by a simple algorithm which can be reverse-engineered
(as with the above)
* not Googlable
* easy to assess the answer using a computer program (which typically
means it's a simple word or phrase)
Even this isn't good enough. Spammers have already figured out out
how to defeat every visual captcha out there, and there's no reason to
believe it won't also apply to audio and text captchas. It's very
simple:
1) Advertise free porn on USENET and other locations.
2) In order to get the pictures, users need to answer a captcha.
Serve up the captcha for a site you're trying to register for.
3) User answers the captcha. User gets the porn, spammer gets the new
account, everyone's happy.
--
Mark
[[User:Carnildo]]