just a few random thoughts on how to make it even more painful to
crack. random colored borders, random border width, slight changes in 
width/height,
random pixel noise or varying colors, animated gifs (where does the arrow stop),
animated gifs (where does the red/pink/blue/green arrow point to),

make the letters random with regard to character and position [and make the 
letters generated images themselves]
that way knowing where the arrow is pointing is only half the solution.

or maybe rather take this technique and combine it with std captcha such that
you output an image with a stack of [freaky] letters in it and one of them
has an arrow pointing at it.

yadda yadda.

in theory it's all crackable - but somewhere along the line the problem becomes
too hard to make it worth the effort to try (unless you're securing Fort Knox or 
something)


Tijnema ! wrote:
> On 4/8/07, tedd <[EMAIL PROTECTED]> wrote:
>> At 9:42 AM +0200 4/8/07, Tijnema ! wrote:
>> >You can't stop me :)
>> >
>> >http://86.86.80.41/dev/debug/tedd.php
>> >
>> >It's cracked again :)
>> >
>> >and of course i show you the code:
>> >
>> >http://86.86.80.41/dev/debug/tedd.txt
>> >
>> >Waiting for your next try :P
>> >
>>
>> Tijnema:
>>
>> I might not be able to stop you, but I am sure I can wear you out.
>>
>> Here's my latest:
>>
>> http://sperling.com/a/arrows/
>>
>> But before you spend too much time trying to figure it out, which with
>> a HEX editor you should be able to easily discover -- this is what I
>> did.
>>
>> 1. All my arrow GIF files range in size from about 500 bytes to 1.1
>> KB (it's not important to the solution, just a matter of range);
>>
>> 2. Between DEC 64 (HEX 40) to DEC 109 (HEX 6C) in the header exist
>> all zeros. They don't provide any information regarding this image;
>>
>> 3. I simply used this area to store a single HEX number ranging from
>> 0 to 255 DEC (HEX 0-255);
>>
>> 4. This gave me 11,475 different combinations for each GIF by
>> changing a single byte in the header. If I used two bytes in the
>> header, then the combinations would square.  If I used all available
>> space, then the possible combinations would be 11,475 to the 255
>> power (if my math is right) for each GIF.
>>
>> True, you could:
>>
>> 1. Record every MD5 of every combination for every GIF (8 x
>> 11,475^255 different combinations) and then use those to crack this;
>>
>> 2. OR, simply zero out the area from DEC 64 to DEC 109 and use that.
>>
>> Either case would break my code.
> 
> Since you're already telling how to break, i'm not gonna break it
> anymore :)
> Btw, also you should be able to convert it to JPEG/PNG/BMP/TIFF and
> then convert it back to GIF.  That should clean up the header :)
> 
>>
>> However, I am positive if I generated the image "on the fly" OR
>> merged the image with a single randomized placement pixel I could
>> generate an image that would be easily recognized by a human but not
>> resolved by an MD5 solution.
>>
>> Remember, I could also use a jpeg file and have millions of colors to
>> choose from. Unless, there is something here that I don't understand
>> (which very well could be), I can't see how anyone, without massive
>> computer resources, could break that.
>>
>> Am I wrong?
> 
> Maybe... What about OCR programs? they can read letters from images,
> if you could transform that to a program that could read arrows
> instead of characters. then you probably could crack it, also if you
> store random pixels in it. And that doesn't use massive computer
> resources :)
> 
> That's why i wanted to go for movies, because they are a lot harder to
> process, but still they are processable by a bot, and so it could be
> cracked....
> 
> I don't think any of us will ever find a code that's not crackable,
> but the amount of time needed to crack needs to be as high as
> possible, so that crackers will stay away because it takes way too
> much time, and maybe also too much computer resources. But while doing
> this, it should never disturb the normal user from using your site.
> 
> 
>>
>> Cheers,
>>
>> tedd
>>
>> PS: I love these types of discussions
> 
> Me too :)
>> -- 
>> -------
>> http://sperling.com  http://ancientstones.com  http://earthstones.com
>>
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
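
Added example, not part of the original thread: a self-check for the header-byte scheme tedd describes, showing that files which differ only between DEC 64 and DEC 109 have different raw MD5s but collapse to one MD5 per image once that range is zeroed. The two 600-byte buffers are constructed stand-ins (not decodable GIFs), and all function names are hypothetical.

```python
import hashlib

# Offsets quoted in the thread (decimal, treated here as inclusive).
SLACK_START, SLACK_END = 64, 109

def make_base(fill: int, size: int = 600) -> bytes:
    """Constructed stand-in for one arrow file: zeros in the slack range."""
    buf = bytearray(b"GIF89a" + bytes([fill]) * (size - 6))
    buf[SLACK_START:SLACK_END + 1] = bytes(SLACK_END - SLACK_START + 1)
    return bytes(buf)

def make_variant(base: bytes, offset: int, value: int) -> bytes:
    """Copy of base with a single slack byte set, as in step 3 of the thread."""
    if not SLACK_START <= offset <= SLACK_END:
        raise ValueError("offset outside the slack range")
    if not 1 <= value <= 255:  # assumption: 0 is skipped so the file changes
        raise ValueError("value must be 1..255")
    out = bytearray(base)
    out[offset] = value
    return bytes(out)

def masked(data: bytes) -> bytes:
    """Normalise a file by zeroing the slack range before hashing."""
    out = bytearray(data)
    out[SLACK_START:SLACK_END + 1] = bytes(SLACK_END - SLACK_START + 1)
    return bytes(out)

def audit(files):
    """Return (distinct raw MD5s, distinct MD5s after masking)."""
    raw = {hashlib.md5(f).hexdigest() for f in files}
    norm = {hashlib.md5(masked(f)).hexdigest() for f in files}
    return len(raw), len(norm)

def sample_files():
    """Two constructed 'arrows', nine single-byte variants of each."""
    bases = [make_base(0x11), make_base(0x22)]
    return [make_variant(b, off, val)
            for b in bases
            for off in (64, 80, 109)
            for val in (1, 127, 255)]

if __name__ == "__main__":
    raw_count, masked_count = audit(sample_files())
    print(f"raw digests: {raw_count}, after masking: {masked_count}")
```

When the second number equals the number of distinct images, the per-file variation adds nothing against a hash lookup; the variation has to reach the decoded pixels, which is where the thread heads next.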
