CAPTCHAs
Introduction
Last updated: October 23, 2004
From Wikipedia:
A captcha (an acronym for "completely automated public
Turing test to tell computers and humans apart") is a type of
challenge-response test used in computing to determine whether or not the user
is human. The term was coined in 2000 by Luis von Ahn, Manuel Blum, and
Nicholas J. Hopper of Carnegie Mellon University, and John Langford of IBM. A
common type of captcha requires that the user type the letters of a distorted
and/or obscured sequence of letters or digits that appears on the screen.
Because the test is administered by a computer, in contrast to the standard
Turing test that is administered by a human, a captcha is sometimes described
as a reverse Turing test.
Captchas are used to prevent bots from using various types of computing
services. Applications include preventing bots from taking part in online
polls, registering for free email accounts (which may then be used to send
spam), and, more recently, preventing bot-generated spam by requiring that the
(unrecognized) sender successfully pass a captcha test before the email
message is delivered.
From the CAPTCHA Project:
A CAPTCHA™ test is a program that can generate and
grade tests that:
- Most humans can pass.
- Current computer programs can't pass.
A number of open source (free) captcha solutions are available -- some of
which are listed below for comparison. Please check with the developer's web
site for software updates and more detailed information.
Comparison Matrix [1]
| Feature | Authen::Captcha | Captcha | Captcha-TT | HN Captcha | Img Validator | OCR Captcha | Veriword |
|---|---|---|---|---|---|---|---|
| Language | Perl | PHP | PHP | PHP | PHP | PHP | PHP |
| Public Text | | | | | | | |
| - Generator | rand() | mt_rand() | mt_rand() | md5(uniqid(rand())) | md5(uniqid(microtime())) | md5(uniqid(rand())) | array_rand() |
| Private Key | | | | | | | |
| - Encryption | MD5 | - | MD5 | MD5 | MD5 | MD5 | - |
| - Storage | File | Session | Session or Cookie | Form | Session | Form | Session |
| Image | | | | | | | |
| - Output [2] | File | Buffer | Buffer | File | Buffer | File | Buffer |
| - Format [3] | PNG | JPEG, PNG | JPEG, PNG | JPEG | JPEG, PNG | PNG | JPEG, PNG |
| - Fonts | Images [4] | TrueType [5] | TrueType [5] | TrueType [5] | TrueType [5] | TrueType [5] | TrueType [6] |
| - Text Rotation | - | - | Yes | Yes | - | Yes | Yes [7] |
| - Background | Images | - | Images | Noise or Grid | Images | Noise or Grid | Images |
| - Colours | Fixed | Fixed | Random | Random [8] | Hybrid [9] | Random | Fixed |
| Version | 1.023 | - | 1.0.1 | 1.2 | - | 1.2 | 1.3 |
| Released | 2003-12-17 | 2004-04-05 | 2004-04-07 | 2004-04-16 | 2004-09-15 | 2004-04-13 | 2004-10-23 |
| License | GPL | GPL | GPL | GPL | GPL | GPL | Other [10] |
| Author(s) | Seth T Jackson, Josh I Miller | Pascal Rehfeldt | Charles Gentry | Horst Nogajski | Alfred Reinold Baudisch | Julien Pachet | Huda M Elmatsani |
Notes:
1. Disclaimer: the SoftwareDevelopment.CA web site uses Captcha-TT.
2. Temporary file vs. internal output buffer.
3. Without programmatic changes.
4. One typeface with each available character stored as a bitmap image file.
5. Hardcoded list of fonts to choose from.
6. Randomly selected from fonts directory.
7. Wave effect.
8. Web safe colour palette.
9. Random selection from fixed colour schemes.
10. "This program is free for any purpose use."
Criticisms
There are three major criticisms of CAPTCHAs:
- Patent encumbrance.
  USPTO patent 6195698 - Method for selectively restricting access to computer systems.
  USPTO patent application 20040199597 - Method and system for image verification to prevent messaging abuse.
- Inaccessibility to the visually impaired (for text-based CAPTCHAs).
  Audio captchas appear to be the dominant working solution to this problem
  (intensified in the USA by the "Americans with Disabilities Act").
  For example, the MSN Hotmail registration system offers an audio captcha as an
  alternative to the image captcha. Here, the characters appearing in the
  captcha picture are read aloud in a woman's voice, with random background noise
  added to thwart voice recognition software.
- Circumvention by spammers.
  One technique is to use optical character recognition (OCR) and image
  manipulation tools. Another is to trick humans into solving the problem
  under false pretenses (e.g., captcha recycling).