ASCII CAPTCHA

[The Little Guy]

I made a ASCII CAPTCHA, and I was wondering, do you think that it is more secure than a normal jpg/gif/png CAPTCHA?

 

http://phpsnips.com/asciiCAPTCHA.php

[corbin]

350KB.....  gzip could knock that way down, but still....  I wouldn't want to use that much bandwidth personally lol.

 

 

 

And no, it's not any more secure.  If someone were really determined, he could just convert your ASCII CAPTCHA to an image and pass it through a CAPTCHA reader.

[The Little Guy]

but then he would have to build a code to take a screen shot, resize it to get just the image isn't that hard to do?

[corbin]

Why couldn't someone just parse the HTML and use something like the GD library to generate a CAPTCHA?  Or, if someone were really determined, he could try to make something that would parse the HTML to text.

 

 

 

Going from ASCII -> image -> text would be slower than image -> text obviously, but if there was a decent accuracy rate, even something like 2%, that wouldn't matter much.

[Mchl]

The idea is cool though! Very original.

You could decrease the size by using dynamic CSS.

 

So instead of

style="color:rgb(255,255,255);"

 

you would have

class="c1;"

 

You use at most 5 colours in your captcha, so you can just create a class for each one. It would reduce the overall size by some 30%.

[GingerRobot]

I could be wrong but it would seem logical to me that text would be far easier to analyse and extract information from than an image would be. Perhaps it would be more secure insofar as the majority of tools that currently exist that might break captchas are targetted at images but i would imagine creating a tool to break a text-based captcha would be easier than an image based one.

[Mchl]

It wouldn't be much different for sure. The OCR algorithm would stay the same. It would be just a matter of transforming HTML into something it can eat.