New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Too easy to crack #8

Closed
ghost opened this Issue Jun 24, 2014 · 3 comments

Comments

Projects
None yet
2 participants
@ghost

ghost commented Jun 24, 2014

Sorry guys but your captcha very easy to crack 1/10.

First need create database on your images:

  • then simple create fingerprint of all images eq:
    • red dots are saved color position
    • Then just compare all images from database

lamers

This is some kind of joke ?

@BrunoBernardino

This comment has been minimized.

Collaborator

BrunoBernardino commented Jun 24, 2014

Closing because this is being discussed over at #2.

  1. You're forgetting the point of the images/audio being custom per website.
  2. Making a database per website being "attacked" is not a "minor cost".

Finally, visualCaptcha is about improving the UX for the people using your application, without diminishing security considerably, not targeted at things like google.com or apple.com where there are obviously other implications to take under consideration.

Thanks for your feedback anyway!

@CrazyPython

This comment has been minimized.

CrazyPython commented Jul 11, 2016

@BrunoBernardino A hacker with four hours could break your security y downloading something like ConvNetJS and using it to recognize images. No GPU required.

@BrunoBernardino

This comment has been minimized.

Collaborator

BrunoBernardino commented Jul 11, 2016

I can imagine that's possible for the default install everyone sees. I'd recommend those people use something like reCaptcha.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment