Captcha

A captcha [' kæptʃə ] (also CAPTCHA; . Engl Completely Automated Public Turing test to tell Computers and Humans Apart " fully automated public Turing test to distinguish between humans and computers " ) is used to decide whether the other person is a man or a machine. Usually you do this in order to check whether entries in Internet forms over people or machines (robots, short Bot) have been made, because robots are here often misused. Spelling so ensure safety.

The term Captcha was used for the first time in 2000 by Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and at Carnegie Mellon University, and John Langford of IBM and is a homophone of the English word capture ( capture, capture ). Occasionally method for distinguishing between robots and humans as HIP (English Human Interaction Proof) are referred to.

Explanation

CAPTCHAs are challenge-response usually tests in which the respondent has to solve a task (challenge ) and the result (response) sends back. In spelling the tasks are ideally so that they are easy for people to solve, for computer, however, very difficult. An example of this is text that has been distorted by image filters. Computers require pattern recognition algorithms to process such images, which are complicated to program and make high demands on the hardware. In addition to graphical and audio captchas captchas or video captchas are now used. In Asirra of Microsoft, the user must recognize animals on photos.

Spelling according to their name have the following properties:

• Question and answer are generated automatically by a random and under certain rules at each access attempt. It is therefore not carried forward by people catalog of questions and answers used because of its limited range of values ​​would lead to significantly faster repetitions and thus facilitate an attack.
• The algorithm used is public, so professionals can assess the security of the system. Spelling, thus following Kerckhoffs ' principle and avoid security through obscurity.

Disadvantages

It image-based puzzles are mostly used; but these are not accessible because they are recognized difficult for visually impaired people. Several vendors therefore use additional acoustic spelling to increase accessibility. Deafblind and user purely text- based browser, however, remain also be excluded. For the latter, however, another method would be suitable, which lyrically is querying a word, such as: " What do you call a motorized, four-wheeled vehicle ." The answer in this case would "Auto". Such question-answer lists but should be extended very easily or permanently rewritten, since one could teach a spambot such lists. In addition, they will provide a barrier for non-native speaking or intellectually disadvantaged dar.

Basically every difficult problem in artificial intelligence is likely to be used for a captcha. The technical escalation causes the captchas are always difficult for humans to solve, and therefore constitute a long-term solution.

CAPTCHAs are under usability aspects also are problematic because they pose hurdles, some of which lead to a significant overhead for the user in achieving a goal. In addition, the purpose of a spelling opens up many sufferers not intuitive, which leads to confusion over a seemingly senseless function. From these sources of problems often result Terms crashes, error messages, and discontent with the user. One recent study found that Internet users worldwide spend a total of 150,000 hours per day with the solution of CAPTCHAs.

Areas of application

Possible applications are services where bots can manipulate or abuse the service, such as online surveys, guest books, registering e -mail addresses ( can be sent from those spam) or the prevention of spam by concealing the e- mail address. In addition, spelling also be used in conjunction with an indexed TAN list for defense against man-in- the-middle attacks for online banking applications.

A secondary benefit from the solution of CAPTCHAs generated by Google Inc. with the service reCAPTCHA for their project Google Books. Unrecognized text passages in the Google Books scanning project are displayed as single words Internet users as Captcha. In addition to the scanned word a real Captcha still appears. Both words are resolved by the user. The real Captcha word is used for the actual prompt. The detection of the scanned word is stored. For multiple identical spelling of the scanned word at different Captcha operations, the word is recognized as properly stored and is included in the Google Books scanning project.

Bypass Captchas

Solve by machines

With increasing proliferation of Captcha -protected websites began an arms race between the manufacturers of spelling and the developers of machine solutions, so that soon programs have been developed to circumvent the protection of spelling. Many now older implementations today are solvable for machines with relatively little effort. For common implementations, such as those in the phpBB ( software for providing an internet forum ) used already exist spambots who read the captchas and thus can bypass this protection. Another example is bypassing captchas by spammers in the automatic creation of Gmail accounts with a detection rate of 20 to 30 percent. In the original version of the spelling of SchülerVZ also managed to bypass them and thus to conduct a bulk copy of profile information in the way. An automated bot, which consisted only of a simple combination of a Perl script and Ajax programming could solve all the captchas.

Release by human

Unknowingly

A technically simple way to bypass a Captcha mechanism is to delegate a recognition task to unaware users. A spammer taught, for example, an a honeypot to be solved by the visitors spelling, which were taken over by the target of spammers. 2007 unmasked Trend Micro and Panda Security a Trojan, the dissolved spelling rewarded with images of a lady be stripped.

Knowingly

By means of collaborative cooperation, on so-called Captcha Exchange servers, the first decade of the 21st century groups worked end to it, each other to create solutions in stock. Due to technical developments and the establishment of the paid services, the idea could hardly prevail. In the third world, there are several vendors that can solve captchas in sweatshops.