Decipher how the authentication code technology distinguishes people and computers

Source: Internet
Author: User
Keywords Website security authentication code technology

Do you know what a CAPTCHA is?

"Verification Code" (CAPTCHA) is not what users have always seen on different sites of those illegible letter combination pronoun, the verification code is commonly known as "automatic distinguish between computer and human Turing test", so as the name suggests, its role is to distinguish between computer and human.

In the CAPTCHA test, the computer that is the server will automatically generate a problem for the user to answer. This problem can be generated and judged by the computer, but only human beings can answer it. Because computers cannot answer CAPTCHA's questions, users who can answer questions are considered human. And Captcha is a computer to test humans, not the standard Turing Test so that humans to test the computer, so sometimes people call Captcha is a reverse Turing test.

A joke about the CAPTCHA

Verify that the code really protects the computer system

A team of researchers from Stanford University pointed out that many of the verification codes did not work as they should. The researchers even designed a general-purpose program that identifies many of the site's authentication codes at a very high rate, including Visa's website Authorize.Net, Blizzard's official website, EBay, and Wikipedia.

This recognition technique uses a conceptual model in the field of robotic vision, which helps the robot to recognize the shape of an object correctly without interference from the noise of the image. Stanford's Decaptcha tool uses the above guidelines to divide distorted and noisy images into letters and numbers that can be identified by optical recognition technology (OCR).

"Most validation codes are not validated as required before they are put into use, and there is a lack of reliability testing." "I hope our research will give people a more cautious approach to the design and use of CAPTCHA," said Elie Bursztein, a researcher at the Stanford University Security Laboratory. “

Decaptcha can successfully identify the 66% Visa payment site Authorize.Net on the Verification code picture, and can successfully capture the Blizzard Entertainment website 70% of the verification code. Wikipedia has one-fourth of the code that can be identified, and the number on CNET and digg.com is down to one-fifth. The research team from Stanford then pointed out that any authentication code system with an identifiable rate of more than 1% should not be continued.

Verification code identification rate for major websites:

Then Blizzard issued a statement saying that they knew clearly that the verification code technology was not high enough for security. "We only use CAPTCHA technology at the primary security level to ward off certain attacks, such as registration," he said. We use a number of more secure and reliable technologies to protect our customers and backbone servers. "Shon Damron from Blizzard said.

Today's Verification code

Verification code technology is still very important in the current network world, it helps to prevent automatic robot batch registration of network mailboxes and send spam, but also to prevent the message board is automatically filled with ads, and even the voting system to better reflect the real situation.

Examples of authentication codes used by major Web sites:

The Chinese code example used by Sina Weibo-it does not seem to take into account the internationalization scenario:

So far, only Google's verification code has completely blocked Decaptcha's identification, and Google's reCAPTCHA project, acquired from Carnegie Mellon University in 2009, has also shown extremely high reliability. reCAPTCHA has been widely used on nearly 100,000 sites, including Twitter, Facebook, Craigslist, Ticketmaster (a website that sells tickets for concerts, sporting events, operas and art exhibitions) and Microsoft ( Microsoft).

Bursztein hopes that developers will be able to design and use captcha more systematically, and he cites an example of their own computer program algorithms, which people used to design in the the 1980s, but over time, peer testing and professional security assessments are also important.

Looking to the future of verification code

It has been reported earlier that Google is testing a new verification code technology that does not require input text like the traditional authentication code system, but rather requires the user to rotate the graphic to the correct direction:

Another image-based authentication code:

Similar verification code also requires users to enter the current time, the site domain name visited, their own time zone, or even the President of the United States, the first human landing on the extraterrestrial planet. This kind of verification code mainly considers that the automatic computer program does not have enough logical thinking ability, can not identify and solve the logic problem. Puzzle verification code, to find different verification code (such as a picture from a few cats to find a picture of a dog) is essentially similar to the verification code, however, the main reason for not having such a large scale deployment is that there is not enough resources to withstand the exhaustive attack (the same problem may occur after the attacker has repeatedly refreshed the authentication code).

Require the user to draw the verification code for the graphic:

Require users to complete the verification code for complex arithmetic questions--apparently too complex to appear unfriendly:

Verification code also brings more possibilities, such as the opportunity to profit through advertising, the following verification code demonstrates the use of verification code display ads:

Regrettably, however, it is also threatened by the threat of exhaustive attacks because of its lack of scale.

These future verification code technologies should also take into account accessibility features. If the user has visual impairment, he should be able to choose to listen to the authentication Code audio method to complete the verification, which is also a character-based verification code technology has been slow to replace one of the main reasons.

Summary

Verification code technology is a product of the development of computer technology, human desire computer can through automated process to complete more tasks, but also to prevent the computer is used in the destruction and malicious use. As research in the field of artificial intelligence becomes more advanced, computers will become more and more reasonable (think of Siri, think of IBM's newest super intelligent computer Watson).

Turing's design was designed to promote the development of artificial intelligence and to demonstrate the feasibility of making humanoid robots from the point of view of philosophy and computer science, but he may never have imagined that one day humans would need a technology to strictly differentiate themselves from computer systems.

If one day, the computer can be verified by verification code, how can we distinguish between human and computer?

Some of this article comes from CNET and Wikipedia

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.