Asp Forum - [ANN] flatulent-0.0.1 ascii captcha for the masses

ara.t.howard

7/3/2007 1:11:00 AM

NAME

flatulent : CAPTCHA for FIGLET.

SYNOPSIS

the flatulent gem provides brain dead simple ascii art captcha for
ruby.

URI

http://codeforpeople.co...
http://rubyforge.org/projects/cod...

INSTALL

gem install flatulent

EXAMPLE

def index
if params.has_key? 'flatulent'
Flatulent.validate! params
end

render :inline => <<-html
<html><body>

#{ Flatulent.form }

</body></html>
html
end

DOCS

see source in lib/*
see example rails project in ./rails

ONLINE SAMPLES

http://drawohara.tumblr.com/po...

enjoy

ps.

sorry for double post - dropped subject on the last one!

-a
--
we can deny everything, except that we have the possibility of being
better. simply reflect on that.
h.h. the 14th dalai lama

8 Answers

SonOfLilit

7/3/2007 5:15:00 AM

There's no use in the "noise" unless it's made of the same ascii
characters as the letters.

But then again, ascii art captchas are severely broken and there's
nothing simple to do about it.

Aur

On 7/3/07, ara.t.howard <ara.t.howard@gmail.com> wrote:
> NAME
>
> flatulent : CAPTCHA for FIGLET.
>
> SYNOPSIS
>
> the flatulent gem provides brain dead simple ascii art captcha for
> ruby.
>
> URI
>
> http://codeforpeople.co...
> http://rubyforge.org/projects/cod...
>
> INSTALL
>
> gem install flatulent
>
> EXAMPLE
>
> def index
> if params.has_key? 'flatulent'
> Flatulent.validate! params
> end
>
> render :inline => <<-html
> <html><body>
>
> #{ Flatulent.form }
>
> </body></html>
> html
> end
>
> DOCS
>
> see source in lib/*
> see example rails project in ./rails
>
> ONLINE SAMPLES
>
> http://drawohara.tumblr.com/po...
>
>
> enjoy
>
> ps.
>
> sorry for double post - dropped subject on the last one!
>
> -a
> --
> we can deny everything, except that we have the possibility of being
> better. simply reflect on that.
> h.h. the 14th dalai lama
>
>
>
>
>

ara.t.howard

7/3/2007 6:39:00 AM

On Jul 2, 2007, at 11:15 PM, SonOfLilit wrote:

> There's no use in the "noise" unless it's made of the same ascii
> characters as the letters.
>

the new version uses that and blowfish encoded key

> But then again, ascii art captchas are severely broken and there's
> nothing simple to do about it.

all captchas are broken and most are also complicated. nevertheless,
they are extremely effective. i'm curious why you think ascii art
captchas are more broken than any other?

kind regards.

-a
--
we can deny everything, except that we have the possibility of being
better. simply reflect on that.
h.h. the 14th dalai lama

John Joyce

7/3/2007 1:38:00 PM

On Jul 3, 2007, at 1:39 AM, ara.t.howard wrote:

>
> On Jul 2, 2007, at 11:15 PM, SonOfLilit wrote:
>
>> There's no use in the "noise" unless it's made of the same ascii
>> characters as the letters.
>>
>
> the new version uses that and blowfish encoded key
>
>> But then again, ascii art captchas are severely broken and there's
>> nothing simple to do about it.
>
> all captchas are broken and most are also complicated.
> nevertheless, they are extremely effective. i'm curious why you
> think ascii art captchas are more broken than any other?
>
> kind regards.
>
> -a
> --
> we can deny everything, except that we have the possibility of
> being better. simply reflect on that.
> h.h. the 14th dalai lama
>
>
>
>
Beautiful! another way to do human validation on user entries online!!!

SonOfLilit

7/3/2007 2:49:00 PM

With so little grid cells and so little possible transformations,
pattern matching is much much simpler.

Aur

On 7/3/07, ara.t.howard <ara.t.howard@gmail.com> wrote:
>
> On Jul 2, 2007, at 11:15 PM, SonOfLilit wrote:
>
> > There's no use in the "noise" unless it's made of the same ascii
> > characters as the letters.
> >
>
> the new version uses that and blowfish encoded key
>
> > But then again, ascii art captchas are severely broken and there's
> > nothing simple to do about it.
>
> all captchas are broken and most are also complicated. nevertheless,
> they are extremely effective. i'm curious why you think ascii art
> captchas are more broken than any other?
>
> kind regards.
>
> -a
> --
> we can deny everything, except that we have the possibility of being
> better. simply reflect on that.
> h.h. the 14th dalai lama
>
>
>
>
>

ara.t.howard

7/3/2007 5:17:00 PM

On Jul 3, 2007, at 8:49 AM, SonOfLilit wrote:

> With so little grid cells and so little possible transformations,
> pattern matching is much much simpler.

exactly which 'grid' are you referring to? there is no grid and
there are no 'word' chars in the virutal grid. have you looked at
the source? check out my response to brian.

also, i'm not so sure that that it true: a modest sized ascii
captcha has around 40960000 simple combinations. the current source
uses an encoded timestamp which must be submitted with the captcha
else it's invalid. that timestamp is only valid for a few minutes
and that means a program would have to make around 20480000 posts (on
average) to the same website within a few minutes to crack it using
brute force. this seems highly unlikely to me.

(ps. neither the timestamp not key are encode in the first release,
but the repo one has this feature)

the direction i'm heading is to have all virtual grid cells
positioned via css. which means the only real way to construct a
grid is to using a rendering engine first, and then to ocr the
clipped image. i'm very confident that

a) this can be done
b) it's even more work than traditional captcha to decode
c) it's 100 times less work for web developers

i'm truly very interested in seeing if someone can actually crack
this (i'm sure that they can) with a reasonable amount of effort.
remembering that traditional captcha can be broken with a low-medium
amount of effort yet reduces spam by around 98%.

kind regards.

-a
--
we can deny everything, except that we have the possibility of being
better. simply reflect on that.
h.h. the 14th dalai lama

James Gray

7/3/2007 5:51:00 PM

On Jul 3, 2007, at 12:17 PM, ara.t.howard wrote:

> i'm truly very interested in seeing if someone can actually crack
> this (i'm sure that they can) with a reasonable amount of effort.
> remembering that traditional captcha can be broken with a low-
> medium amount of effort yet reduces spam by around 98%.

I wonder how solid efforts like this old Ruby Quiz are:

http://www.rubyquiz.com/q...

James Edward Gray II

Karl von Laudermann

7/3/2007 7:00:00 PM

On Jul 2, 9:10 pm, "ara.t.howard" <ara.t.how...@gmail.com> wrote:
> NAME
>
> flatulent : CAPTCHA for FIGLET.
>
> SYNOPSIS
>
> the flatulent gem provides brain dead simple ascii art captcha for
> ruby.

I'm no expert on CAPTCHAs, so I'm in no position to opine on the
effectiveness of this particular mechanism. But I will say this:
couldn't you have chosen a better name than "flatulent"? :-)

Brad Phelan

7/4/2007 7:10:00 AM

Karl von Laudermann wrote:
> On Jul 2, 9:10 pm, "ara.t.howard" <ara.t.how...@gmail.com> wrote:
>> NAME
>>
>> flatulent : CAPTCHA for FIGLET.
>>
>> SYNOPSIS
>>
>> the flatulent gem provides brain dead simple ascii art captcha for
>> ruby.
>
> I'm no expert on CAPTCHAs, so I'm in no position to opine on the
> effectiveness of this particular mechanism. But I will say this:
> couldn't you have chosen a better name than "flatulent"? :-)
>

A name does not have to be nice or "good" just memorable. This
one certainly grabbed my attention. With regards to meaning I guess
the program ingests a word and after some digestion sprays out
a mess of stuff that only with some effort can be recognized
as the stuff that went in. I assume that the author was thinking
along those lines.

_ __r___ ____] _ _
| | | ____| | __ \ | || |
| | | |#_ | |__[ | | || |_X
|-| | __| | ___/ |__ _|
| |____ | | | | O | |
|______| |_|I |_| |_|
C
q: f

If you use firefox and save your example
page "as text" the captcha pops out quite easily
as I have extracted above.

The region of the catpcha can easily be recognized
because it uses a subset of ascii characters at
a density unlikely to be used in normal text.

Once you have the correct region of text screen
screen grab it out of your editor then open it up
in GIMP. Then apply the dilate filter to join
up all the gaps. I didn't get much further
than this but I think with the correct image
processing the characters start to pop out.

I used the online OCR tool at

http://www.star-tek.com.au/ocr...

and though it wasn't able to recognize the
characters correctly it did at least recognize
the character boundaries after my simple bit
of image processing. This means that with
a bit more work it could probably be cracked.

Perhaps with the css layout techniques
the text grab feature of firefox
will munge the result to be unusable??

--
brad phelan
http://xt...

comp.lang.ruby

[ANN] flatulent-0.0.1 ascii captcha for the masses

ara.t.howard

SonOfLilit

ara.t.howard

John Joyce

SonOfLilit

ara.t.howard

James Gray

Karl von Laudermann

Brad Phelan

x Login to ForumsZone