| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon Feb 13 16:04:58 2006 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: Comment Spam: new trends, failing counter-measures and why it's a big deal On Mon, 13 Feb 2006 07:09:48 +0100, php0t said: > the global solution against word recognition based challenges? If it was > like that, it would mean that there is no way anybody could make an > image generator that would change its success rate from 90% to 0%... It's *really* *really* difficult to produce a graphic image of letters and numbers that is still recognizable to a human but can't be beaten by a good edge-detection algorithm. For instance, you can "bleed" the edges so that they're fuzzy - but then the human has a hard time telling if it's an 'i' or an 'l', or an 'h' or a 'b' (and so on). I suppose you *could* put up a picture of something, and ask "What is this a picture of" - but then you need a sufficiently large library of images that an attacker can't just download all of them and have a human name each one once. And of course, this has the danger that a user can be left saying: "WTF? Is that an antelope or a gazelle?".... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060213/4932f78e/attachment.bin
Powered by blists - more mailing lists