On the Origin of Verification Codes, How the Programs Work, and More

Source: Internet
Author: User
Note: Many of the resources in this article come from the Internet; their copyright has nothing to do with the author of this article, and they are used for reference only.

Nowadays, whenever you log on to a site or post a comment, there is an input box underneath asking you to enter a verification code; anyone who spends time online has typed one in. If you want to understand what a verification code is for, please Google it yourself first. If you want to write your own verification code program in, say, ASP (ASP.NET), PHP, JSP and so on, you can also Google first. If you just want to admire what verification codes look like, fine, no need to Google: look at the ones I found on a few sites.
1. Admiring Verification Codes
The first verification code I saw: 8723, a string of random digits. This is the most primitive kind of verification code, and its value as verification is almost zero, hehe.
CSDN website user login: GIF format, the random-digit picture verification code in common use today. The characters in the picture are fairly well behaved, and the verification effect is better than the previous one. Someone without basic knowledge of graphics and image processing cannot break it! Unfortunately, a program that reads it seems to have been posted on the forum the very first day CSDN used it. Poor thing!
QQ website user login: PNG format, a picture of random digits plus random capital letters. The whole composition is rather flamboyant, and on every refresh each character changes position! Sometimes the picture that comes out cannot be read even by the human eye. Fierce...
Microsoft's Hotmail sign-up: BMP format, random digits + random capital letters + random interference pixels + random positions + ???. You have to hand it to them; it is the big boss Microsoft, after all. If you cannot make out the characters, you can click the link at the bottom and listen to them read aloud (note: there is no random background noise, just TTS speech). Very considerate to users!
Google's Gmail registration: JPG format, random English letters + random colors + random positions + random length (?) + ??. Hehe, looks good...
After finding these few I am tired, so finally here is one with really fierce characters, from Gmail:

(Special note: this one was encountered by someone else on JavaEye; don't mistakenly think I ran into it myself!)
Having admired these verification codes, what are they actually for? For readers who did not know: how did the Googling go?
2. Verification Code Function Analysis
Here is a passage I copied from Microsoft's Passport help:
Typing the characters in a picture helps make sure that a regular user, not an automated program, fills in the registration form.
This is important because an attacker would use unwanted programs to register a large number of WEB service accounts (such as Passport). Attackers can use these accounts to create trouble for other users, such as sending spam or slowing down the service by repeatedly logging on to multiple accounts at the same time.
In most cases, the autoenrollment program does not recognize characters in this picture.
Simply put, it is there to stop attackers from writing programs that register automatically or log in repeatedly to brute-force passwords.
How a verification code works: the server randomly generates a verification code string, keeps it in memory, writes it into a picture, and sends the picture to the browser for display. The user types the characters shown in the picture into the browser and submits them to the server, which checks whether the submitted characters match the ones it saved. If they match, processing continues; otherwise an error is shown.
A robot program written by an attacker has difficulty recognizing the characters in the verification code and so cannot smoothly complete automatic registration or login, whereas a human user can recognize and enter them. That is how the attack is blocked.
Note, though, that the robot's author can also try to recognize the verification code, which is why I said the first type, which outputs the characters directly, has almost no verification value. How hard the characters in a picture are to recognize depends on the strength of the interference in it.
In practice, a verification code only makes things harder for the attacker; it does not stop attacks completely.
Still, for the sake of system security, using a verification code is a worthwhile measure. As for how to write a verification code program, I believe Google will turn up plenty of ready-made code.

3. Principle of the Program
After the analysis above, especially of the process, I believe writing the code is easy. Take the currently popular implementation:
Server-side file name: imgcode.*
Pseudo code:
1. Generate a random code and save it in session("code")
2. Call a drawing function, or write the binary image format directly, to generate the picture in memory

Client file name: login.htm
Pseudo code:
<form name="Login" action="Check">
<input type="text" name="Checkcode" value=""/>
</form>
Server-side file name: checkcode.*
Pseudo code:
If value of Checkcode received from the client = session("code")
{
Ok
}
Else
{
Err
}
The basic implementation is just this: a part that generates the verification code picture and a part that verifies it. To make the verification code more effective, the key is adding interference when generating the image.
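The generate-and-compare flow above, as an added Python example that is not part of the original article: it uses a plain dict in place of the server session, and adds single use, a lifetime and a constant-time comparison. The function names, the 120-second lifetime and the case-insensitive match are assumptions of this example.

```python
import hmac
import secrets
import time

# Character set taken from the article's checkcode.asp listing.
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
TTL_SECONDS = 120            # assumed lifetime of a code (not from the article)

def issue_code(session, length=4, now=None):
    """imgcode step: create a random code and remember it in the session."""
    # secrets draws from the OS CSPRNG, so later codes cannot be predicted
    # from earlier ones.
    code = "".join(secrets.choice(ALPHABET) for _ in range(length))
    session["code"] = code
    session["code_issued"] = time.time() if now is None else now
    return code              # the caller draws this into the picture only

def check_code(session, submitted, now=None):
    """checkcode step: compare the submitted text with the stored code, once."""
    # Single use: the stored code is discarded on every attempt, right or
    # wrong, so one solved picture cannot be replayed or guessed at repeatedly.
    expected = session.pop("code", None)
    issued = session.pop("code_issued", 0)
    now = time.time() if now is None else now
    if expected is None or not isinstance(submitted, str):
        return False
    if now - issued > TTL_SECONDS:
        return False
    # Case-insensitive match (assumption); compare_digest avoids timing leaks.
    candidate = submitted.strip().upper().encode()
    return hmac.compare_digest(candidate, expected.encode())
```

After a failed check the session holds no code, so the page must request a fresh picture before the user can try again.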
4. Discussion of the Image Technology in Verification Codes
Many of today's popular server-side web technologies have drawing API functions, so the code that generates the picture is very simple and needs no further mention. ASP has no built-in drawing functions, so here we discuss generating the picture by writing binary data in a known image format. First, some rambling about graphics and images.
Let's look at the picture below:
1111011111
1100011111
1111011111
1111011111
1111011111
1111011111
1111011111
1111011111
1111011111
1100000111
If we think of each 0 and 1 position as a lamp, with 0 meaning lit and 1 meaning off, then it becomes the following figure:

1111011111
1100011111
1111011111
1111011111
1111011111
1111011111
1111011111
1111011111
1111011111
1100000111
The 0 positions form the character "1". In electronics, the picture above can be regarded as a 10x10 dot matrix. Likewise, a display can be seen as being made up of points. We output a series of 0 and 1 signals, and the light and dark points form an image: the simplest black-and-white bitmap. This is the basic principle of display.
Imagine a man controlling a 10x10 array of lamps who uses them to display the character "1". In what order does he switch the lamps on? The lamps are arranged horizontally and vertically. Starting from the bottom left corner, he first works through the lamps horizontally from left to right; when a line is finished he moves up to the next, and so on in turn until he finishes at the top right corner.
In electronics, these actions are called line scanning and field scanning, and the corresponding line frequency and field frequency (refresh rate) are important indicators of a picture tube's quality (but I digress). If a program applies the scanning method above to one area of the screen (the size of the image), following a binary string such as "1111011111110001111111110111111111011111111101111111110111111111011111111101111111110111111100000111", and shows the 0 positions in white and the rest in black, we output an image of a "1" on a black background. Of course, to display the image in Windows you also have to follow the standard for the image format, or the system will not recognize it, so you must add the information that describes the image format itself (the image header).
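The scanning order and image header described above, as an added Python example that is not part of the original article: it turns the article's 10x10 "1" pattern into a 24-bit BMP file. The function name and the top-to-bottom row order assumed for the input string are choices made for this example.

```python
import struct

# The 10x10 pattern for "1" from the figure, rows listed top to bottom.
GLYPH_1 = ("1111011111" "1100011111" "1111011111" "1111011111" "1111011111"
           "1111011111" "1111011111" "1111011111" "1111011111" "1100000111")

def glyph_to_bmp(bits, width=10, height=10,
                 color0=(255, 255, 255), color1=(0, 0, 0)):
    """Return a 24-bit BMP file for a string of '0'/'1' pixels (rows top-down).

    color0 and color1 are (blue, green, red) triples for '0' and '1' pixels;
    the defaults give white strokes on a black background, as in the text.
    """
    if len(bits) != width * height or set(bits) - {"0", "1"}:
        raise ValueError("bits must be width*height characters of 0/1")
    pad = b"\x00" * (-(width * 3) % 4)       # every row is padded to 4 bytes
    rows = [bits[r * width:(r + 1) * width] for r in range(height)]
    pixels = b""
    for row in reversed(rows):               # BMP stores the bottom row first
        for ch in row:
            pixels += bytes(color0 if ch == "0" else color1)
        pixels += pad
    offset = 14 + 40                         # file header + BITMAPINFOHEADER
    file_header = struct.pack("<2sIHHI", b"BM", offset + len(pixels),
                              0, 0, offset)
    info_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24,
                              0, len(pixels), 0, 0, 0, 0)
    return file_header + info_header + pixels
```

Because BMP rows are stored bottom-up, leaving out the reversal would draw the character upside down.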
That was long-winded, so let's look at concrete code that generates a verification code in BMP format (simplified from code found on the web; copyright belongs to the original author):
File that generates the verification picture: checkcode.asp
<%
' This code comes from code found online
' Copyright belongs to the original author
' The noise generation has been removed to illustrate the principle
' I accept no responsibility for it
Call Com_creatvalidcode()
Sub Com_creatvalidcode()
    ' Disable caching
    Response.Expires = -9999
    Response.AddHeader "Pragma", "no-cache"
    Response.AddHeader "Cache-Control", "no-cache"
    Response.ContentType = "image/bmp"
    Randomize
    Dim I, II, III
    Const Camount = 36 ' number of characters in the set
    Const Ccode = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    ' Color data (character, background)
    Dim Vcolordata(2)
    Vcolordata(0) = ChrB(0) & ChrB(0) & ChrB(0) ' Blue 0, Green 0, Red 0 (black): color for 0 positions
    Vcolordata(1) = ChrB(255) & ChrB(255) & ChrB(255) ' Blue 255, Green 255, Red 255 (white): color for 1 positions
    ' Randomly generate the characters
    Dim Vcode(4), Vcodes
    For I = 0 To 3
        Vcode(I) = Int(Rnd * Camount)
        Vcodes = Vcodes & Mid(Ccode, Vcode(I) + 1, 1)
    Next
    Session("Checkcode") = Vcodes ' Store the code in the session
    ' Bitmap data for each character
    Dim Vnumberdata(36)
    Vnumberdata(0) = "1110000111110111101111011110111101001011110100101111010010111101001011110111101111011110111110000111"
    Vnumberdata(1) = "1111011111110001111111110111111111011111111101111111110111111111011111111101111111110111111100000111"
Vnumberdata (2) =


