Current and future of the Verification Code (1)

 

In the CAPTCHA test, the server computer will automatically generate a question to be answered by the user. This question can be generated and judged by computers, but it must be answered by humans. Because the computer cannot answer CAPTCHA's questions, users who answer questions can be considered as humans. CAPTCHA is used by computers to test humans, not by humans in the standard Turing test. Therefore, CAPTCHA is sometimes called a reverse Turing test.

Whether the Verification Code actually protects the Computer System

A team of researchers from Stanford University, palo alto, pointed out that many verification codes did not play their due role at all. The researchers even designed a general program that can identify verification codes on many websites with high success rates, including Visa's Authorize.net, Blizzard's official website, eBay, and Wikipedia.

This recognition technology applies to a conceptual model in the field of robot vision, which helps the robot to correctly recognize the shape of an object without the interference of image noise. Stanford, a tool named Decaptcha, uses an algorithm written with the guiding ideology to split distorted and noise-filled images into letters and numbers that can be identified by optical recognition technology OCR.

"Most verification codes have not been verified before they are put into use, and there is a lack of reliability tests. "Elie Bursztein, a postdoctoral researcher from the Stanford University security lab, said:" I hope our research will give people a more careful way to design and use verification codes. "

Decaptcha can successfully identify the verification code image on the 66% Visa payment website Authorize.net and successfully capture the 70% verification code on Blizzard Entertainment website. Wikipedia has 1/4 verification codes that can be identified, and the number on CNET and Digg.com is reduced to 1/5. Although Baidu's verification code has a recognition rate of only 5%, the same verification code appears as frequently as 98% during the test, which is easily cracked by attackers. The research team from Stanford subsequently pointed out that any verification code system with an identifiable rate of more than 1% should not be used any more.

Verification code recognition rate of major websites: