Re: [PHP] MD5 & bot Question

On Wed, April 11, 2007 8:09 am, tedd wrote: > -- that's all. See the subject line. I'm sorry that I thought the thread had spilled over beyond the scope of the Subject. Since we rarely do that here in PHP General, I should have known better. :-) I don't think your work is "lame" I think it's "

Re: [PHP] MD5 & bot Question

On Wed, April 11, 2007 7:30 am, tedd wrote: > At 7:50 PM -0500 4/10/07, Richard Lynch wrote: >>On Sun, April 8, 2007 11:12 am, tedd wrote: >>> chose from. Unless, there is something here that I don't >>> understand >>> (which very well could be), I can't see how anyone, without >>> massive >>> c

Re: [PHP] MD5 & bot Question

At 8:36 PM -0500 4/10/07, Richard Lynch wrote: > With millions of different images and more being added, it presents a considerable challenge to crack. I think not... You only have to find 10,000 people who hate MS and give each of them 200 unique images to identify. Well actually, all on

Re: [PHP] MD5 & bot Question

At 7:52 PM -0500 4/10/07, Richard Lynch wrote: On Sun, April 8, 2007 11:26 am, tedd wrote: The way I figure it, in an image I have 72 dot per square inch -- so, in one square inch that's 5,184 places for me to store a 24 bit key. To me, that's a lot of places to hid my Easter egg -- is that n

Re: [PHP] MD5 & bot Question

At 8:11 PM -0500 4/10/07, Richard Lynch wrote: On Tue, April 10, 2007 7:47 am, tedd wrote: Your use of metaphor is quite colorful, but if you if change a single pixel in an image, then you change the MD5 signature -- that is what I was talking about -- and that is not wrong. Unless I look a

Re: [PHP] MD5 & bot Question

At 7:50 PM -0500 4/10/07, Richard Lynch wrote: On Sun, April 8, 2007 11:12 am, tedd wrote: chose from. Unless, there is something here that I don't understand (which very well could be), I can't see how anyone, without massive computer resources, could break that. Am I wrong? You are wron

Re: [PHP] MD5 & bot Question

On Tue, April 10, 2007 8:01 am, tedd wrote: > An OCR is an Optical Character Reader -- it's design is to recognize > characters (A-Z 0-9), not images. > > That's the reason why I previously used the term "OCR-like" > application -- meaning that it would be designed/programmed to "see" > the differe

Re: [PHP] MD5 & bot Question

A) 2 million MD5s is chump-change. B) Telling a "cat" from a "dog" is probably a homework exercise for AI Vision grad students. On Mon, April 9, 2007 3:35 pm, tedd wrote: > At 1:04 PM -0400 4/9/07, Robert Cummings wrote: >>On Mon, 2007-04-09 at 12:51 -0400, tedd wrote: >> >We were talking >> > a

Re: [PHP] MD5 & bot Question

On Tue, April 10, 2007 7:47 am, tedd wrote: > Your use of metaphor is quite colorful, but if you if change a single > pixel in an image, then you change the MD5 signature -- that is what > I was talking about -- and that is not wrong. Unless I look at enough images to figure out that you are just

Re: [PHP] MD5 & bot Question

On Sun, April 8, 2007 11:46 am, Jochem Maas wrote: > in theory it's all crackable - but somewhere along the line the > problem becomes > too hard to make it worth the effort to try (unless your securing Fort > Knox or something) In REALITY, 99.9% of the Bad Guys will be kept out by *ANY* CAPTCHA/d

Re: [PHP] MD5 & bot Question

On Sun, April 8, 2007 11:26 am, tedd wrote: > The way I figure it, in an image I have 72 dot per square inch -- so, > in one square inch that's 5,184 places for me to store a 24 bit key. > To me, that's a lot of places to hid my Easter egg -- is that not > enough? No. If the egg is visible to a h

Re: [PHP] MD5 & bot Question

On Sun, April 8, 2007 11:12 am, tedd wrote: > chose from. Unless, there is something here that I don't understand > (which very well could be), I can't see how anyone, without massive > computer resources, could break that. > > Am I wrong? You are wrong. The Tijnema! solution of memorizing every

Re: [PHP] MD5 & bot Question

On Sun, April 8, 2007 7:48 am, Robert Cummings wrote: > On Sun, 2007-04-08 at 05:41 -0700, benifactor wrote: >> indeed. i was just throwing out the idea of ever changing values. > > Except IP addresses aren't ever changing ;) Unless the visitor is on AOL. -- Some people have a "gift" link here.

Re: [PHP] MD5 & bot Question

On Sat, April 7, 2007 7:02 pm, Jim Lucas wrote: > This would make things almost impossible for a computer to see, but > the chances of a human screwing > it up would be almost impossible. Sigh. Look. If a HUMAN can "see" the differen, then a program can be written to "detect" the difference. Th

Re: [PHP] MD5 & bot Question

You only have 9 arrows. How tricky can it be to detect which of the 9 images you are displaying? Even if the URL is the same every time, it's a no-brainer to use OCR to detect which array is there. How many variations on this theme are we going to go through? On Sat, April 7, 2007 10:59 am, ted

Re: [PHP] MD5 & bot Question

On 4/10/07, tedd <[EMAIL PROTECTED]> wrote: At 1:17 PM -0400 4/10/07, Robert Cummings wrote: >-snip- > >That should have read: "... since no subset of..." Oh well, now it makes sense ! :-) Actually, I see exactly what you are saying. If you take a small portion of a file and MD5 it, it will giv

Re: [PHP] MD5 & bot Question

At 1:17 PM -0400 4/10/07, Robert Cummings wrote: -snip- That should have read: "... since no subset of..." Oh well, now it makes sense ! :-) Actually, I see exactly what you are saying. If you take a small portion of a file and MD5 it, it will give you a signature. If I simply change a sing

Re: [PHP] MD5 & bot Question

On Tue, 2007-04-10 at 13:13 -0400, Robert Cummings wrote: > On Tue, 2007-04-10 at 08:47 -0400, tedd wrote: > > > > Rob: > > > > Your use of metaphor is quite colorful, but if you if change a single > > pixel in an image, then you change the MD5 signature -- that is what > > I was talking about

Re: [PHP] MD5 & bot Question

On Tue, 2007-04-10 at 08:47 -0400, tedd wrote: > At 8:10 PM -0400 4/9/07, Robert Cummings wrote: > >On Mon, 2007-04-09 at 17:14 -0400, tedd wrote: > >> At 4:39 PM -0400 4/9/07, Robert Cummings wrote: > >> >On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote: > >> > > >> > > This is exactly what

Re: [PHP] MD5 & bot Question

At 12:55 PM + 4/10/07, Ólafur Waage wrote: You were talking about an OCR reader for the arrows to see what letters it is pointing to. If the arrow would be at a random location in the actual image, the arrow being not an arrow but ie. a man pointing and the arm being flexible (so even if the

Re: [PHP] MD5 & bot Question

At 10:46 PM +0100 4/9/07, Tijnema ! wrote: On 4/9/07, tedd <[EMAIL PROTECTED]> wrote: It doesn't need to be complicated, just random placed pixels on the image from a selection of colors would provide millions of permutations. Cheers, tedd But then OCR would still work, as when somebody scan

Re: [PHP] MD5 & bot Question

You were talking about an OCR reader for the arrows to see what letters it is pointing to. If the arrow would be at a random location in the actual image, the arrow being not an arrow but ie. a man pointing and the arm being flexible (so even if the man himself would move around randomly, the arm

Re: [PHP] MD5 & bot Question

At 8:10 PM -0400 4/9/07, Robert Cummings wrote: On Mon, 2007-04-09 at 17:14 -0400, tedd wrote: At 4:39 PM -0400 4/9/07, Robert Cummings wrote: >On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote: > > > This is exactly what tedd did in his last arrow example. He edited the >> header of the

Re: [PHP] MD5 & bot Question

On Mon, 2007-04-09 at 17:14 -0400, tedd wrote: > At 4:39 PM -0400 4/9/07, Robert Cummings wrote: > >On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote: > > > > > This is exactly what tedd did in his last arrow example. He edited the > >> header of the GIF image, and so that would result in differ

Re: [PHP] MD5 & bot Question

tedd wrote: .. that's the reason for the alt attribute. Thanks for clarification! :) You are doing some great work with captchas... I also really like your audio captcha experiments. Keep up the great work! Cheers, Micky -- Wishlists: Switch:

Re: [PHP] MD5 & bot Question

On 4/9/07, tedd <[EMAIL PROTECTED]> wrote: At 4:39 PM -0400 4/9/07, Robert Cummings wrote: >On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote: > > > This is exactly what tedd did in his last arrow example. He edited the >> header of the GIF image, and so that would result in different MD5. >>

Re: [PHP] MD5 & bot Question

At 4:39 PM -0400 4/9/07, Robert Cummings wrote: On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote: > This is exactly what tedd did in his last arrow example. He edited the header of the GIF image, and so that would result in different MD5. Finding this part and skipping it in the MD5 check

Re: [PHP] MD5 & bot Question

On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote: > On 4/9/07, Travis Doherty <[EMAIL PROTECTED]> wrote: > > Robert Cummings wrote: > > > > >On Mon, 2007-04-09 at 12:51 -0400, tedd wrote: > > > > > > > > >>At 9:58 AM -0400 4/9/07, Robert Cummings wrote: > > >> > > >> > > >> > > >>>Hi Tedd, > > >>

Re: [PHP] MD5 & bot Question

At 4:19 PM -0400 4/9/07, Travis Doherty wrote: Steganography has been able to "hide" text in images for quite some time now. Basically you cram whatever info you want into the 'unused' or 'less used' bytes of the image. With this in mind I imagine even if you did have an image repository of on

Re: [PHP] MD5 & bot Question

At 1:04 PM -0400 4/9/07, Robert Cummings wrote: On Mon, 2007-04-09 at 12:51 -0400, tedd wrote: >We were talking > about M$'s "picture" captcha where they show pictures and ask a question like "Pick the picture that shows a kitty" and NOT an "on the fly" graphic captcha. There are different t

Re: [PHP] MD5 & bot Question

On 4/9/07, Travis Doherty <[EMAIL PROTECTED]> wrote: Robert Cummings wrote: >On Mon, 2007-04-09 at 12:51 -0400, tedd wrote: > > >>At 9:58 AM -0400 4/9/07, Robert Cummings wrote: >> >> >> >>>Hi Tedd, >>> >>>Put down the crack pipe please... captcha images are usually generated >>>on the fly. Thei

Re: [PHP] MD5 & bot Question

Robert Cummings wrote: >On Mon, 2007-04-09 at 12:51 -0400, tedd wrote: > > >>At 9:58 AM -0400 4/9/07, Robert Cummings wrote: >> >> >> >>>Hi Tedd, >>> >>>Put down the crack pipe please... captcha images are usually generated >>>on the fly. Their image repository is 0. Their image universe is

Re: [PHP] MD5 & bot Question

On Mon, 2007-04-09 at 12:51 -0400, tedd wrote: > At 9:58 AM -0400 4/9/07, Robert Cummings wrote: > > >Hi Tedd, > > > >Put down the crack pipe please... captcha images are usually generated > >on the fly. Their image repository is 0. Their image universe is all of > >the permutations of an image con

Re: [PHP] MD5 & bot Question

At 9:58 AM -0400 4/9/07, Robert Cummings wrote: On Mon, 2007-04-09 at 09:45 -0400, tedd wrote: > >> However, this did make me wonder about the images that M$ and others >> are using for captchas -- like find the kitty in a set of pictures. >> The MD5 application could be used to identify a

Re: [PHP] MD5 & bot Question

On Mon, 2007-04-09 at 17:28 +0200, Tijnema ! wrote: > On 4/9/07, Stut <[EMAIL PROTECTED]> wrote: > > Tijnema ! wrote: > > > On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote: > > >> On Mon, 2007-04-09 at 16:39 +0200, Tijnema ! wrote: > > >> > On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote:

Re: [PHP] MD5 & bot Question

On 4/9/07, Stut <[EMAIL PROTECTED]> wrote: Tijnema ! wrote: > On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote: >> On Mon, 2007-04-09 at 16:39 +0200, Tijnema ! wrote: >> > On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote: >> > > On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote: >> > > >

Re: [PHP] MD5 & bot Question

Tijnema ! wrote: On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote: On Mon, 2007-04-09 at 16:39 +0200, Tijnema ! wrote: > On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote: > > On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote: > > > > > > I think that we can conclude that a non-crackable

Re: [PHP] MD5 & bot Question

On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote: On Mon, 2007-04-09 at 16:39 +0200, Tijnema ! wrote: > On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote: > > On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote: > > > > > > I think that we can conclude that a non-crackable CAPTCHA doesn't >

Re: [PHP] MD5 & bot Question

On Mon, 2007-04-09 at 16:39 +0200, Tijnema ! wrote: > On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote: > > On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote: > > > > > > I think that we can conclude that a non-crackable CAPTCHA doesn't > > > exist, but also that there doesn't exist a real "ha

Re: [PHP] MD5 & bot Question

On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote: On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote: > > I think that we can conclude that a non-crackable CAPTCHA doesn't > exist, but also that there doesn't exist a real "hard to crack" > CAPTCHA. All current CAPTCHAs can be broken quite eas

Re: [PHP] MD5 & bot Question

On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote: > > I think that we can conclude that a non-crackable CAPTCHA doesn't > exist, but also that there doesn't exist a real "hard to crack" > CAPTCHA. All current CAPTCHAs can be broken quite easy. MD5 can help > in some cases, but only if the CAPTCHA

Re: [PHP] MD5 & bot Question

On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote: On Mon, 2007-04-09 at 09:45 -0400, tedd wrote: > At 8:49 AM -0400 4/9/07, Robert Cummings wrote: > >On Mon, 2007-04-09 at 08:46 -0400, tedd wrote: > >> At 1:21 AM -0700 4/9/07, Micky Hulse wrote: > >> >Maybe use flash for this... harder to c

Re: [PHP] MD5 & bot Question

On Mon, 2007-04-09 at 09:45 -0400, tedd wrote: > At 8:49 AM -0400 4/9/07, Robert Cummings wrote: > >On Mon, 2007-04-09 at 08:46 -0400, tedd wrote: > >> At 1:21 AM -0700 4/9/07, Micky Hulse wrote: > >> >Maybe use flash for this... harder to crack? (Of course, Flash will > >> >open door to other p

Re: [PHP] MD5 & bot Question

At 8:49 AM -0400 4/9/07, Robert Cummings wrote: On Mon, 2007-04-09 at 08:46 -0400, tedd wrote: At 1:21 AM -0700 4/9/07, Micky Hulse wrote: >Maybe use flash for this... harder to crack? (Of course, Flash will >open door to other problems.) > >Sorry, coming in on this late. Good work Tedd! Ve

Re: [PHP] MD5 & bot Question

On Mon, 2007-04-09 at 08:46 -0400, tedd wrote: > At 1:21 AM -0700 4/9/07, Micky Hulse wrote: > >Maybe use flash for this... harder to crack? (Of course, Flash will > >open door to other problems.) > > > >Sorry, coming in on this late. Good work Tedd! Very interesting. > > > M: > > Tijnema showe

Re: [PHP] MD5 & bot Question

At 1:21 AM -0700 4/9/07, Micky Hulse wrote: Maybe use flash for this... harder to crack? (Of course, Flash will open door to other problems.) Sorry, coming in on this late. Good work Tedd! Very interesting. M: Tijnema showed how MD5 could be used to identify an image file and crack my arro

Re: [PHP] MD5 & bot Question

Tijnema ! wrote: You can't stop me :) http://86.86.80.41/dev/debug/tedd.php It's cracked again :) Maybe use flash for this... harder to crack? (Of course, Flash will open door to other problems.) Sorry, coming in on this late. Good work Tedd! Very interesting. M -- Wishlists:

Re: [PHP] MD5 & bot Question

On 4/9/07, tedd <[EMAIL PROTECTED]> wrote: At 4:38 AM -0700 4/8/07, benifactor wrote: >hmm, why don't you md5 more then once.. I read somewhere that MD5'ing anything more than once, does not increase security. Cheers, tedd Not in this case, as it doesn't goes about decrypting the key here, t

Re: [PHP] MD5 & bot Question

At 4:38 AM -0700 4/8/07, benifactor wrote: hmm, why don't you md5 more then once.. I read somewhere that MD5'ing anything more than once, does not increase security. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (h

Re: [PHP] MD5 & bot Question

At 6:46 PM +0200 4/8/07, Jochem Maas wrote: just a few random thought on how to make it even more painful to crack. random colored borders, random border width, slight changes in width/height, random pixel noise or varying colors, animated gifs (where does the arrow stop), animated gifs (where

Re: [PHP] MD5 & bot Question

At 6:33 PM +0200 4/8/07, Tijnema ! wrote: On 4/8/07, tedd <[EMAIL PROTECTED]> wrote: Remember, I could also use a jpeg file and have millions of colors to chose from. Unless, there is something here that I don't understand (which very well could be), I can't see how anyone, without massive compu

Re: [PHP] MD5 & bot Question

just a few random thought on how to make it even more painful to crack. random colored borders, random border width, slight changes in width/height, random pixel noise or varying colors, animated gifs (where does the arrow stop), animated gifs (where does the red/pink/blue/green arrow point to),

Re: [PHP] MD5 & bot Question

On 4/8/07, tedd <[EMAIL PROTECTED]> wrote: At 9:42 AM +0200 4/8/07, Tijnema ! wrote: >You can't stop me :) > >http://86.86.80.41/dev/debug/tedd.php > >It's cracked again :) > >and of course i show you the code: > >http://86.86.80.41/dev/debug/tedd.txt > >Waiting for your next try :P > Tijnema:

Re: [PHP] MD5 & bot Question

At 12:38 AM +0100 4/8/07, Stut wrote: tedd wrote: Okay, I think I figured out a fix -- try it again. :-) http://sperling.com/a/arrows/ A little knowledge is a dangerous thing. Give up now, while you're still sane. Think about what you're trying to do. You're trying to do something differen

Re: [PHP] MD5 & bot Question

At 9:42 AM +0200 4/8/07, Tijnema ! wrote: You can't stop me :) http://86.86.80.41/dev/debug/tedd.php It's cracked again :) and of course i show you the code: http://86.86.80.41/dev/debug/tedd.txt Waiting for your next try :P Tijnema: I might not be able to stop you, but I am sure I can w

Re: [PHP] MD5 & bot Question

but most people have different ones :) you could also use a random position :) fooeee. Robert Cummings wrote: On Sun, 2007-04-08 at 05:41 -0700, benifactor wrote: indeed. i was just throwing out the idea of ever changing values. Except IP addresses aren't ever changing ;) Cheers, R

Re: [PHP] MD5 & bot Question

On Sun, 2007-04-08 at 05:41 -0700, benifactor wrote: > indeed. i was just throwing out the idea of ever changing values. Except IP addresses aren't ever changing ;) Cheers, Rob. -- .. | InterJinn Application Framework - http://www.inter

Re: [PHP] MD5 & bot Question

indeed. i was just throwing out the idea of ever changing values. Robert Cummings wrote: On Sun, 2007-04-08 at 04:38 -0700, benifactor wrote: hmm, why don't you md5 more then once.. for example, use a condition that will change with every visitor. like the third num in $_SERVER['REMOTE_ADD

Re: [PHP] MD5 & bot Question

On Sun, 2007-04-08 at 04:38 -0700, benifactor wrote: > hmm, why don't you md5 more then once.. > > for example, use a condition that will change with every visitor. like > the third num in $_SERVER['REMOTE_ADDR']; or something of the sort. > then make a loop.. > > say the third num in my ip a

Re: [PHP] MD5 & bot Question

hmm, why don't you md5 more then once.. for example, use a condition that will change with every visitor. like the third num in $_SERVER['REMOTE_ADDR']; or something of the sort. then make a loop.. say the third num in my ip address is 5 the person that visits after me would get my value,

Re: [PHP] MD5 & bot Question

On 4/8/07, Tijnema ! <[EMAIL PROTECTED]> wrote: On 4/8/07, tedd <[EMAIL PROTECTED]> wrote: > >>Well, I cracked it for you :) > >> > >>http://86.86.80.41/dev/debug/tedd.php > >> > >>At the bottom it shows you the MD5 code of your arrow image, and it > >>shows you which way it points to :) > >> > >

Re: [PHP] MD5 & bot Question

On 4/8/07, tedd <[EMAIL PROTECTED]> wrote: >>Well, I cracked it for you :) >> >>http://86.86.80.41/dev/debug/tedd.php >> >>At the bottom it shows you the MD5 code of your arrow image, and it >>shows you which way it points to :) >> >>If you're interested in the code: >> >>http://86.86.80.41/dev/d

Re: [PHP] MD5 & bot Question

Stut wrote: tedd wrote: Okay, I think I figured out a fix -- try it again. :-) http://sperling.com/a/arrows/ A little knowledge is a dangerous thing. Give up now, while you're still sane. Think about what you're trying to do. You're trying to do something different on the client every time

Re: [PHP] MD5 & bot Question

tedd wrote: Okay, I think I figured out a fix -- try it again. :-) http://sperling.com/a/arrows/ A little knowledge is a dangerous thing. Give up now, while you're still sane. Think about what you're trying to do. You're trying to do something different on the client every time, but without

Re: [PHP] MD5 & bot Question

Well, I cracked it for you :) http://86.86.80.41/dev/debug/tedd.php At the bottom it shows you the MD5 code of your arrow image, and it shows you which way it points to :) If you're interested in the code: http://86.86.80.41/dev/debug/tedd.txt Tijnema Tijnema: Okay, I think I figured out a

Re: [PHP] MD5 & bot Question

At 10:33 PM +0200 4/7/07, Tijnema ! wrote: On 4/7/07, tedd <[EMAIL PROTECTED]> wrote: At 11:56 PM +0100 4/6/07, Tijnema ! wrote: On 4/6/07, tedd <[EMAIL PROTECTED]> wrote: At 2:55 PM +0100 4/6/07, Tijnema ! wrote: I know, but animated gifs are still quite easy to read with a bot. Really? W

Re: [PHP] MD5 & bot Question

On 4/7/07, tedd <[EMAIL PROTECTED]> wrote: At 11:56 PM +0100 4/6/07, Tijnema ! wrote: >On 4/6/07, tedd <[EMAIL PROTECTED]> wrote: >>At 2:55 PM +0100 4/6/07, Tijnema ! wrote: >>>I know, but animated gifs are still quite easy to read with a bot. >> >>Really? >> >>What if I a created a box surrounde

[PHP] MD5 & bot Question

At 11:56 PM +0100 4/6/07, Tijnema ! wrote: On 4/6/07, tedd <[EMAIL PROTECTED]> wrote: At 2:55 PM +0100 4/6/07, Tijnema ! wrote: I know, but animated gifs are still quite easy to read with a bot. Really? What if I a created a box surrounded by letters, like so: A B C D E F G H I However, wh