Tuesday, July 17, 2007

CAPTCHA - What?

What is CAPTCHA?

Seems like a weird word, but seems to be familiar ...
CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart.

Simply put, it's a test to check whether you are a human or not. A simple form of CAPTCHA is an image containing text or a sign that a human being can easily understand but a bot, a program, or simply a machine cannot. Given the image, a program cannot (easily) look into it and tell what is written in it. CAPTCHAs are present on most sites, including this one. Try posting a comment and you will be asked to enter a word as shown in the figure.

CAPTCHAs are used to prevent bots or programs from spamming the site with lots of biasing information or advertisements.

Effectiveness of CAPTCHA
CAPTCHA has been here for a couple of years, and hence programs defeating CAPTCHAs have obviously been developed! So how does an effective CAPTCHA system work?
A good CAPTCHA:

  • Bends, orients or changes the fonts randomly
  • Has a random background colour, which is not uniform
  • Has little contrast
  • Has a minimum of sharp edges

Making your own CAPTCHA system

A simple CAPTCHA system can be made with PHP and the GD Library.
The PHP-GD Library is used to make CAPTCHA images on the fly with random letters.
The original text used in the image can be hashed with one-way hashing algorithms such as MD5 and SHA. These hashes must be passed through a top-secret function that alters or encrypts the text again. The resulting value is then set as a cookie.


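<?php
// randomkeys() and secret_function() are called below but are not defined in
// the original listing; these definitions are placeholders.
function randomkeys($length) {
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $keys = '';
    for ($i = 0; $i < $length; $i++) {
        $keys .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $keys;
}
function secret_function($text) {
    // make your own secret function; this keyed hash is only a stand-in
    return hash_hmac('sha256', $text, 'replace-with-your-own-secret');
}

header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Mon, 25 Nov 1987 12:00:00 GMT"); // Date in the past
// Set the content-type
header("Content-type: image/png");
// Create the image
$im = imagecreatetruecolor(200, 40);

// Create some colors
$colors = array(
    imagecolorallocate($im, 0, 0, 0),
    imagecolorallocate($im, 128, 0, 0),
    imagecolorallocate($im, 0, 128, 0),
    imagecolorallocate($im, 0, 0, 128),
    imagecolorallocate($im, 0, 128, 128),
    imagecolorallocate($im, 128, 128, 0),
    imagecolorallocate($im, 128, 0, 128),
    imagecolorallocate($im, 255, 0, 128),
    imagecolorallocate($im, 128, 0, 255),
    imagecolorallocate($im, 0, 255, 128),
    imagecolorallocate($im, 255, 0, 0),
    imagecolorallocate($im, 255, 0, 0),
    imagecolorallocate($im, 255, 255, 255)
); // index 12 is white
// Fill the whole image with white
imagefilledrectangle($im, 0, 0, 199, 39, $colors[12]);

// The text to draw
$text = randomkeys(rand(6,8));

// Must be sent before any image output
setcookie("secrethash", secret_function($text), time()+3600, "/");
// Replace path by your own font path
$font = 'tahoma.ttf';

// Add the text, one character at a time
for ($i = 0; $i < strlen($text); $i++) {
    $angle = rand(-10, 10);       // random tilt for this character
    $x = $i * 22;                 // horizontal offset of this character
    $thsc = $colors[rand(0, 11)]; // any colour except the white background
    imagettftext($im, 24, $angle*2, 10+$x, 24, $thsc, $font, $text[$i]); // Add some tilts to make it tough for bots to read
}
// Using imagepng() results in clearer text compared with imagejpeg()
imagepng($im); // Outputs the PNG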

This CAPTCHA uses no background and is hence only moderately secure (i.e. it keeps the kids away).

Now for the checking part: the user's text is passed through the same hashing function and top-secret function. The cookie value and the newly calculated value are then compared to catch the bot ;).
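An added example (not code from the original post) of the check described above, next to a variant that keeps the answer in the server-side session and consumes it on first use, since a cookie-only check keeps no server state and so cannot tell a fresh answer from a resubmitted one. The function names, the key placeholder and the sample text are assumptions.

```php
<?php
// Added example, not from the original post; all names below are hypothetical.
const CAPTCHA_KEY = 'replace-with-your-own-secret'; // placeholder

// Stand-in for the post's "top-secret function".
function secret_function(string $text): string {
    return hash_hmac('sha256', $text, CAPTCHA_KEY);
}

// Check as described in the post: recompute the value from the user's text
// and compare it with the "secrethash" cookie. Nothing is stored server-side,
// so the same text and cookie pass again until the cookie expires.
function check_cookie_captcha(string $typed, array $cookies): bool {
    $expected = $cookies['secrethash'] ?? '';
    return is_string($expected)
        && hash_equals($expected, secret_function($typed));
}

// Variant: keep the answer in the session (pass $_SESSION) with an expiry.
function issue_session_captcha(array &$session, string $text): void {
    $session['captcha'] = ['answer' => $text, 'expires' => time() + 600];
}

// The stored answer is removed on every check, so it can be used only once.
function check_session_captcha(string $typed, array &$session): bool {
    $entry = $session['captcha'] ?? null;
    unset($session['captcha']);
    if (!is_array($entry) || $entry['expires'] < time()) {
        return false;
    }
    return hash_equals($entry['answer'], $typed);
}

// Constructed demo values; arrays stand in for $_COOKIE and $_SESSION.
$text = 'K7QMPX';
$cookies = ['secrethash' => secret_function($text)];
$session = [];
issue_session_captcha($session, $text);

foreach (['first submission', 'same submission again'] as $label) {
    printf("%s: cookie check=%s, session check=%s\n", $label,
        var_export(check_cookie_captcha($text, $cookies), true),
        var_export(check_session_captcha($text, $session), true));
}
```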

A disadvantage of using CAPTCHA affects visually challenged people. People with poor eyesight, colour blindness etc. may have trouble reading the CAPTCHA code. So the other CAPTCHA method is to use an audio file, an MP3, instead of a JPEG or PNG.

Currently I do not know of any PHP libraries that make MP3s on the fly. If anyone has any similar information, please share ...

Happy filling in the CAPTCHA