Re: [PHP] MD5 & bot Question

Mon, 09 Apr 2007 09:53:18 -0700 

At 9:58 AM -0400 4/9/07, Robert Cummings wrote:

On Mon, 2007-04-09 at 09:45 -0400, tedd wrote:
 > >>  However, this did make me wonder about the images that M$ and others

 >>  are using for captchas -- like find the kitty in a set of pictures.
 >>  The MD5 application could be used to identify as many pictures as any
 >>  spammer would need. So, I think MD5 method, as described in this
 >>  thread, would work very well to crack those type of captchas.
 >
 >I doubt Microsoft is using a static image repository for captchas.
 >
 >Cheers,
 >Rob.

 I doubt that their image repository infinite.

 Plus, I envision a method where a bot could:

 1. Scan the site, gather the images and key phrase.

 2 MD5 the images.

 3. Place all the MD5's with the associate key phrase in a dB.

 4. Refresh and repeat.

 With repeated refreshes (not attempts at trying to enter), the key
 phrases associated with the MD5's will build and the bot will learn.

 It works like this -- the phrase "find the kitty" or key word "kitty"
 will always be associated with the picture of the kitty WHEN "kitty"
 is the solution. All other key phrases/words associated with the
 kitty picture will eventually "stack out" as just be background noise
 as data is gathered.

 As such, a bot could have a foundation at making an intelligent
 guess. Also, every guess (successful or not) provides even more data
 to be considered. The more data gathered, the better the guess.


Hi Tedd,

Put down the crack pipe please... captcha images are usually generated
on the fly. Their image repository is 0. Their image universe is all of
the permutations of an image containing all of the range of serial codes
embedded in the images according to their morphing routine. I highly
doubt the US Government could afford the space required to store all of
the permutations. Considering the number of bytes available to a
dynamically generated image, it is highly likely that the images would
be capable of exhausting the entire md5 universe.

Cheers,
Rob.


Rob:
Duh -- put down the joint and stay on the subject. We were talking about M$'s "picture" captcha where they show pictures and ask a question like "Pick the picture that shows a kitty" and NOT an "on the fly" graphic captcha. There are different types of captchas. 

Cheers,

tedd


--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to