A joke about verification code
What is a verification code
"Verification Code" (CAPTCHA) in fact, not everyone is always seen on different websites of the illegible letter combination pronoun, but "fully automatic distinction between computer and human Turing test" commonly known as, as the name suggests, its role is to distinguish between computer and human.
In the CAPTCHA test, the computer that serves as the server automatically generates a problem to be answered by the user. This problem can be generated and judged by the computer, but it must be solved only by humans. Because the computer cannot answer the CAPTCHA problem, the user who answers the question can be considered human. CAPTCHA is a computer to test humans, not a standard Turing test in which humans test computers, so people sometimes call CAPTCHA a reverse Turing test.
Does the verification code really protect the computer system
PALO ALTO, a team of researchers from Stanford University, points out that many of the CAPTCHA codes do not work as they should. The researchers even designed a general-purpose program that identifies many of the site's authentication codes at a very high rate, including Visa's website Authorize.Net, Blizzard's official website, EBay, and Wikipedia.
This recognition technique uses a conceptual model in the field of robotic vision, which helps the robot to recognize the shape of an object correctly without interference from the noise of the image. Stanford's Decaptcha tool uses the above guidelines to divide distorted and noisy images into letters and numbers that can be identified by optical recognition technology (OCR).
"Most validation codes are not validated as required before they are put into use, and there is a lack of reliability testing." "I hope our research will give people a more cautious approach to the design and use of CAPTCHA," said Elie Bursztein, a researcher at the Stanford University Security Laboratory. “
Decaptcha can successfully identify the 66% Visa payment site Authorize.Net on the Verification code picture, and can successfully capture the Blizzard Entertainment website 70% of the verification code. Wikipedia has one-fourth of the code that can be identified, and the number on CNET and digg.com is down to one-fifth. Baidu's verification code, although only 5% of the identification rate, but in the process of testing the same verification code appears as high as 98%, it is very easy to be attacked by the use of exhaustive method. The research team from Stanford then pointed out that any authentication code system with an identifiable rate of more than 1% should not be continued.
Verification code identification rate for each major website:
Then Blizzard issued a statement saying that they knew clearly that the verification code technology was not high enough for security. "We only use authentication code technology at the primary security level to ward off certain attacks, such as registration. We use a number of more secure and reliable technologies to protect our customers and backbone servers. "Shon Damron, from Blizzard, said.
Today's Verification code
Verification code technology is still very important in the current network world, it helps to prevent automatic robot batch registration of network mailboxes and send spam, but also to prevent the message board is automatically filled with ads, and even the voting system to better reflect the real situation.
Examples of authentication codes used by major Web sites:
The Chinese code example used by Sina Weibo--it does not seem to take into account the internationalization situation:
So far, only Google's verification code has completely blocked Decaptcha's identification, and Google's reCAPTCHA project, acquired from Carnegie Mellon University in 2009, has also shown extremely high reliability. reCAPTCHA has been widely used on nearly 100,000 sites, including Twitter, Facebook, Craigslist, Ticketmaster (a website that sells tickets for concerts, sporting events, operas and art exhibitions) and Microsoft ( Microsoft).
Bursztein hopes that developers will be able to design and use captcha more systematically, and he cites an example of their own computer program algorithms, which people used to design in the the 1980s, but over time, peer testing and professional security assessments are also important.
Looking to the future of verification code
It has been reported earlier that Google is testing a new verification code technology that does not require input text like the traditional authentication code system, but rather requires the user to rotate the graphic to the correct direction:
Another image-based authentication code:
Similar verification code also requires users to enter the current time, the site domain name visited, their own time zone, and even the President of the United States, the first human landing on the extraterrestrial planet. This kind of verification code mainly considers that the automatic computer program does not have enough logical thinking ability, can not identify and solve the logic problem. Puzzle verification code, to find different verification code (such as a picture from a few cats to find a picture of a dog) is essentially similar to the verification code, however, the main reason for not having such a large scale deployment is that there is not enough resources to withstand the exhaustive attack (the same problem may occur after the attacker has repeatedly refreshed the authentication code).
Require the user to draw the verification code for the graphic:
Require users to complete the verification code for complex arithmetic questions--apparently too complex to appear unfriendly:
Verification code also brings more possibilities, such as the opportunity to profit through advertising, the following verification code demonstrates the use of verification code display ads:
Regrettably, however, it is also threatened by the threat of exhaustive attacks because of its lack of scale.
These future verification code technologies should also take into account accessibility features. If the user has visual impairment, he should be able to choose to listen to the authentication Code audio method to complete the verification, which is also a character-based verification code technology has been slow to replace one of the main reasons.
Summarize
Verification code technology is a product of the development of computer technology, human desire computer can through automated process to complete more tasks, but also to prevent the computer is used in the destruction and malicious use. As research in the field of artificial intelligence becomes more advanced, computers will become more and more reasonable (think of Siri, think of IBM's newest super intelligent computer Watson).
Turing's design was designed to promote the development of artificial intelligence and to demonstrate the feasibility of making humanoid robots from the point of view of philosophy and computer science, but he may never have imagined that one day humans would need a technology to strictly differentiate themselves from computer systems.
If one day, the computer can be verified by verification code, how can we distinguish between human and computer?
Article Source: Love Fan ER