a type of
to ensure that the response is not generated
CAPTCHA requires that the user type letters or digits from
a distorted image that appears on the screen.
A CAPTCHA is a means of automatically generating
new challenges which:
Current software is unable to solve accurately.
Most humans can solve
Does not rely on the type of CAPTCHA being new
to the attacker.
CAPTCHAs rely on difficult problems in artificial
First developed by Alta Vista in 1997.
The term coined in 2000 by Luis von
Blum and Nicholas J. Hopper of Carnegie Mellon
University and John Langford of IBM.
Primitive CAPTCHAs seem to have been developed in
Proposed by Alan Turing.
To test a machine’s level of intelligence Human judge
asks questions to two participants, one is a machine, he
doesn’t know which is which, If judge can’t tell which is
the machine, the machine passes the test.
CAPTCHA employs a reverse Turing test,
judge = CAPTCHA program,
participant = user
if user passes CAPTCHA, he is human
if user fails, it is a machine
Text Based CAPTCHAs
Graphics Based CAPTCHAs
Audio or Sound Based CAPTCHAs
relay on sophisticated distortion of text images
rendering them unrecognizable to the state of the art of
the pattern recognition programs but recognizable by
Simple, normal language questions:
What is sum of three and thirty
If today is Saturday, what is day after
Very effective, needs a large question bank
Cognitively challenged users find it hard .
Originally designed by Yahoo and CMU.
Based on human ability to read heavily distorted
works by choosing a certain number of words
from a dictionary, and then displaying them
corrupted and distorted in an image; after that
Gimpy asks the user to type the words displayed in
A modified version of Gimpy.
Used in Yahoo Messenger Service.
It contains only one random character string.
The word is random and not picked from the dictionary.
Its not a good implementation of CAPTCHA, and already broken
MSN Passport service CAPTCHAs
provided for Microsoft MSN
uses 8 characters.
Warping is used to distort.
Its very strongly implemented and hasn’t been
user to perform image recognition test
CAPTCHA that requires two steps to be passed.
first step visitor clicks elsewhere on the picture
that composed of a few images and selects in this
way a single image.
second step the selected image is loaded. It is
enlarged but very distorted. Also variants of the
answer are loaded on the client side. The visitor
should select a correct answer from the set of the
, pattern recognition expert.
User has to solve a pattern recognition problem
Animal Species Image Recognition for Restricting
It’s a HIP
that works by asking users to identify
of cats and
Difficult for computers but humans can
accomplish it very quickly and accurately.
user to solve a speech
In this version of
letters are read aloud
instead of being displayed in an
Helps visually disabled users
Below is the Google’s audio enabled CAPTCHA.
is the "
nice to humans, bad to
It is written in
A new approach to
, using human's spatial
cognition abilities to differentiate humans from
It uses a
chain to generate words that
resemble human language and are easy to type, yet
avoid dictionary lookups.
It filters profane language.
It's easy to deploy.
CAPTCHA service that helps to digitize books,
newspapers and old time radio shows
improves the process of digitizing
books by sending words that cannot be read by
computers to the Web in the form of CAPTCHAs for
humans to decipher.
word that cannot be read correctly by OCR is
placed on an image and used as a
This is possible because most OCR programs alert
you when a word cannot be read correctly.
Two words are shown, one word is known as Control
Word, and another one is known a questionable word.
System assumes that if human types the control word
correctly, the questionable word is also correct.
The identification performed by each OCR program
is given a value of 0.5 points, and each interpretation
by a human is given a full point
Once a given identification hits 2.5 votes, the word is
Preventing Comment Spam in
Protecting Email Addresses
Preventing Dictionary Attacks
Search Engine Bots
Worms and Spam
tests are based on open problems in
a CAPTCHA is not broken and there is a
way to differentiate humans from
the CAPTCHA is broken and an AI problem
Thus AI knowledge is advanced if CAPTCHAs are
Things to keep in mind:
Don’t store CAPTCHA solution in Web page’s
A CAPTCHA is no good if it doesn't distort
Need a large database of different CAPTCHA
Avoid repetition of questions
Generate the question
Persist the correct answer
Present the question to user
Evaluate answer, if incorrect, start again
If correct, allow access to user
Security after widespread adoption
Custom implementation or a general CAPTCHA?
Cracking CAPTCHAs through programs
Convert CAPTCHA into greyscale
Detect patterns in the image corresponding to
Or, read session files of that user and know the
Solution: Only store a hash of the CAPTCHA word
in session files
C mandates Web to be accessible to all people
Some CAPTCHAs are inaccessible to visually
impaired, cognitively challenged people
Some may need Adobe Flash
CAPTCHAs are an effective way to counter bots and
They serve dual purpose
help advance AI knowledge
Applications are varied
from stopping bots to
character recognition & pattern matching
Some issues with current implementations represent
challenges for future improvements