I developed a CAPTCHA generator and want to measure its strength. Then I tested with a lot of easy-to-read ones with Adobe Acrobat’s OCR and they all failed to recognize a single character.
Can I say it’s strong enough? If not, how do I test it or measure it?
OK, serious answer.
The great problem with any sort of defensive system is the “I created a code I can’t break – therefore it must be secure” attitude.
The best general OCR package is generally Google’s tesseract but that doesn’t mean it’s the best at captchas. I’m sure that there are lots of captcha breaking tools out there on the darker corners of the internet – you might have to put some effort into hunting them down.
What you really need is to have the potential enemy test it. That’s why crypto algorithms are published and a range of experts and academics try and break them. The problem is that you need to motivate someone to do that for yours.
It might be that the best way to do this is to offer some sort of prize for breaking it, either cash or fame. The problem with this approach is that, if the captcha is to protect something of any real value, the financial return on breaking it and exploiting it is more than you can afford for the bounty.
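As an added example (not part of the question or the answer above), a small Python harness for the "how do I measure it" part: it runs any OCR callable over a batch of labelled CAPTCHAs and reports the whole-string solve rate, a 95% Wilson upper bound on that rate, and mean per-character accuracy. The OCR engine is pluggable and the batch and its answers are constructed so the code runs offline; a pytesseract wrapper around Tesseract is an assumed stand-in for the real engine.

```python
import math
from typing import Callable, Dict, Sequence, Tuple

Z_95 = 1.96  # normal quantile for a two-sided 95% interval


def char_accuracy(truth: str, guess: str) -> float:
    """Positional per-character accuracy. Partial reads matter: a reader that
    gets 5 of 6 characters right only needs a handful of retries to pass."""
    return sum(1 for t, g in zip(truth, guess) if t == g) / len(truth) if truth else 0.0


def wilson_upper(successes: int, trials: int, z: float = Z_95) -> float:
    """Upper end of the Wilson score interval for the true success rate. Zero solves
    in 100 trials still leaves a bound near 3.7%: 'all failed' is only as strong as n."""
    if trials == 0:
        return 1.0
    p, z2n = successes / trials, z * z / trials
    centre = (p + z2n / 2) / (1 + z2n)
    half = z * math.sqrt(p * (1 - p) / trials + z2n / (4 * trials)) / (1 + z2n)
    return min(1.0, centre + half)


def score_ocr(batch: Sequence[Tuple[bytes, str]],
              ocr: Callable[[bytes], str]) -> Dict[str, float]:
    """Run `ocr` over (image_bytes, ground_truth) pairs and aggregate the
    whole-string solve rate, its 95% upper bound and mean per-character accuracy."""
    solved, acc = 0, 0.0
    for image, truth in batch:
        guess = ocr(image).strip().upper()
        solved += int(guess == truth.upper())
        acc += char_accuracy(truth.upper(), guess)
    n = len(batch)
    return {"trials": n, "solved": solved, "solve_rate": solved / n if n else 0.0,
            "solve_rate_upper_95": wilson_upper(solved, n),
            "mean_char_accuracy": acc / n if n else 0.0}


# Constructed demo data: the "image" is a stand-in byte string keyed by label and
# demo_ocr returns canned answers. In real use `ocr` would wrap an engine such as
# pytesseract (assumed; not shown) over the PNGs your generator emits.
DEMO_BATCH = [(f"img-{label}".encode(), label)
              for label in ["K7PQ2M", "X3ZR9A", "B8HN4T", "W2QL7C", "J9MV5D"]]
DEMO_ANSWERS: Dict[bytes, str] = {
    b"img-K7PQ2M": "K7PQ2M",  # read in full
    b"img-X3ZR9A": "X3ZR8A",  # one character wrong
    b"img-B8HN4T": "",        # nothing recognised
    b"img-W2QL7C": "W2O",     # partial read
    b"img-J9MV5D": "J9MV5D",  # read in full
}


def demo_ocr(image: bytes) -> str:
    return DEMO_ANSWERS.get(image, "")
```

Run it against several engines (and several hundred samples, not a handful) and compare the upper bound, not the observed rate, before claiming anything about strength.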