Sign In

Communications of the ACM

ACM TechNews

Forget Captcha, Try Inkblots

View as: Print Mobile App Share:
An inkblot.

A new password mechanism called Gotcha is based on a randomized puzzle-generation protocol that involves human-computer interaction.

Credit: Wikipedia

Carnegie Mellon University researchers have developed Generating panOptic Turing Tests to Tell Computers and Humans Apart (Gotcha), a password mechanism based on a randomized puzzle-generation protocol that involves computer-human interaction.

Gotcha works by generating an inkblot and then asking the user to enter a text description. The site then stores both the inkblot and description for whenever the user returns, at which point it displays the inkblot and asks the user to recognize their previous description from multiple potential selections.

The researchers say the system "relies on the usability assumption that users can recognize the phrases that they originally used to describe each inkblot image."

Gotcha could be used to prevent attackers from grabbing password files from servers, then cracking them offline, which continues to be a pervasive problem. "Any adversary who has obtained the cryptographic hash of a user's password can mount an automated brute-force attack to crack the password by comparing the cryptographic hash of the user's password with the cryptographic hashes of likely password guesses," the researchers note.

They say by using Gotchas, businesses could "mitigate the threat of offline dictionary attacks against passwords by ensuring that a password cracker must receive constant feedback from a human being while mounting an attack."

From InformationWeek
View Full Article


Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account