
New Puzzles to Tell Humans From Machines  - peter123
http://www.nytimes.com/2009/05/24/business/24novelties.html
======
dfranke
It's been tried: google "kittenauth". The problem is that you need to collect
the images from somewhere, so the keyspace is too small.

~~~
patio11
Right, but for kittenauth you need to "burn" 9 images to achieve one
authentication. (Three kitties and six non-kitties, as I recall correctly.)
With the rotational thing, a single source image can be algorithmically
manipulated to generate dozens or hundreds of challenges -- kitty at a 90
degree angle to the left, kitty at a 90 degree angle to the right, etc.

Figuring that, conservatively, you can get a dozen challenges out of an image,
that makes this technique about a hundred times more efficient than kittyauth
in terms of how many challenges you can issue for the size of your library.
Then you pair it with a large set of images ( _cough_ Flickr Creative Commons
license _cough_ ) and you're off to the races.

(The Flickr Creative Commons option isn't abused to nearly its potential by
startups.)

~~~
dfranke
I'm not a CG guy, but I'm guessing it's pretty simple and efficient to
recognize which of a set of images a given image is a rotation of. So the
ability to create lots of rotations doesn't buy you any security.

