Posted by kecoak on Oct 23, 2007

More on reCaptcha

After some simple explanation regarding re-captcha on this blog few months ago, I still had some question on my head (funny indeed, explain it but doubt about it’s ability) regarding it’s theory behind the implementation. The question by me at that time was, the chance to beat the re-captcha is 50% by coincidence. 2 words, one is known for it’s answer and the other’s are being solved. We don’t know which one is solved and which one is not solved yet.

I haven’t looked deeper into the source or API for re-captcha, but some of experiment on random chance proved that answers are accepted by system, even if one of the answer was false. No need to argue about if both answer are false, the system would definitely reject it, but if one of them are right and the words is ‘known’ words then system would accept it.

The problem would be…how can the bot find out the known words?it seem like the same question when the first captcha appear on public, “how can the bot crack the captcha”?

And sometimes later, the algorithm to break captcha available for public bot. So, it’s not impossible that someday later we can find the algorithm to break the ‘known words’ for re-captcha, isn’t it?

Even we can conclude that breaking known words for re-captcha would bypass the challange, it still difficult to break those known words. Known words on re-captcha come from solved words by people around the world, so no static algorithm is used to create the captcha, it just “unsolved words by OCR which has been solved by human eyes”. So, quite impossible to develop application which can read that known words.

Well, nothin impossible in security world. At least we can conclude that if we can break the known words of re-captcha, then no need to even try break the unknown words cause system will accept our answer. Not easy, but not impossible, right?!

Post a Comment

One Response to “More on reCaptcha”

  1. Johnd847 says:

    location within my public complexes! aagbekcfkafd


  1. Kecoak Elektronik Indonesia » Breaking the CAPTCHA - [...] menggunakan reCAPTCHA, dimana akan sangat-sangat sulit menembusnya seperti yang saya kemukakan pada blog sebelumnya, walaupun memang bukan berarti tidak…

Leave a Reply

Your email address will not be published. Required fields are marked *