Jump to content

First there were CAPTCHAs, now there are GOTCHAs.. :) :)

ShyWriter

By ShyWriter
in General Chat

 Share

Recommended Posts

ShyWriter

ShyWriter

Posted
Posted

.

First there were CAPTCHAs, now there are GOTCHAs

 

New system uses abstract art to hide passwords.

 

by Yogi Patel

Feb 7 2014, 10:30am EST

 

 

Screen-Shot-2014-02-07-at-9.59.23-AM.png

An example of one of the "inkblot" images used by the GOTCHA system.

 

Luis von Ahn and colleagues developed CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) in early 2000 to help fight against computer-generated spam. The test requires users to type in letters from a distorted image to prove that they're human. This system worked great for years, but as with many things on the Internet, there's always a hacker who wants to break the system.

 

Hackers have found ways to crack the CAPTCHA system—one example involves tricking users into thinking they are entering a CAPTCHA at a completely safe website while the user’s input is used to access another site. So it's up to the computer scientists to figure out how to beat the hackers again.

 

That's exactly what a team of researchers at Carnegie Mellon University set out to do. (The team consisted of PhD student Jeremiah Blocki, professor Manuel Blum, and associate professor Anupam Datta) The system they developed is called GOTCHA (Generating panOptic Turing Tests to Tell Computers and Humans Apart), and it uses a user-provided password to generate several multi-colored inkblots, with the blotches distributed randomly.

 

The user describes each inkblot with a text phrase, and the words in the phrase are then stored in random order, along with the password. When the user wants to sign in with the password, the inkblot and a set of descriptive phrases are shown. The user matches the inkblot and the phrase to complete the sign-in. In order to crack the user’s password offline, the hacker must know the user’s password and corresponding puzzle because the GOTCHA system requires real-time interaction with a human to solve the puzzle, says Datta.

 

GOTCHAs are small puzzles that are easy for humans to solve, but difficult for computers, says Blocki. Similar to CAPTCHAs, they rely on the human visual system to recognize patterns, making it difficult for computers and automated systems to beat. Their purpose, unlike CAPTCHAs, is to increase the security of passwords and make it difficult for anyone other than the creator to access an account.

 

To help test the robustness of their new method, the researchers are inviting fellow security researchers to use artificial intelligence techniques to crack the GOTCHA system at their online challenge. Three of the challenges have already been released on their website, and there are plans to release more.

 

SOURCE: http://arstechnica.com/science/2014/02/first-there-were-captchas-now-there-are-gotchas/

 

/Steve

Link to post
Share on other sites
John L. Galt

John L. Galt

Posted
Posted

That's an interesting idea, but how does it stop automated spam bots that can create accounts?

 

I don't believe it does, and in fact, it seems like it makes it a lot easier for account creation, b/c at account creation time, the user would enter password and descriptive phrase for the inkblot - so the bot could easily be programmed to enter random words and a password and then wait for the verification email and poof! they are registered and logged in.

 

hmmm ...

for the "inkblot" in the opening post , is there a "scary clown" description ?

:unsure:

 

That one showing in this thread is most definitely a scary clown lol

 

I thought it was 2 waltzing elephants?

Or maybe 3?

Or?

 

Nope.  Sorry, I see only clown.  With murderous intent no less.  Think Joker.

Link to post
Share on other sites
GT500

GT500

Posted
Posted

I don't believe it does, and in fact, it seems like it makes it a lot easier for account creation, b/c at account creation time, the user would enter password and descriptive phrase for the inkblot - so the bot could easily be programmed to enter random words and a password and then wait for the verification email and poof! they are registered and logged in.

That's sort of what I was thinking...

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.