
Hardest captcha ever? - dalys
http://random.irb.hr/signup.php
======
robinhouston
The hardest captcha I've come across is the audio one used by Google on
<https://www.google.com/accounts/NewAccount>. Click the little wheelchair icon
to hear it.

It's so hard to decipher, it almost comes across as a cruel joke at the
expense of blind people.

These are much easier, in that I can actually understand them.

~~~
brlewis
Once at MIT a blind student was showing me his screen reader. I couldn't make
sense of the sounds at all, and asked if it was in some special code. He said
no, it was normal language, just really fast. He had it read the current line
on his terminal (this was late '80s). I could see the words it was supposedly
reading, but I still couldn't map them to the brief burst of sound that came
from the screen reader.

So maybe if you've been blind a while, the audio captcha isn't so hard to
decipher. Keep in mind they have to make it hard for speech recognition
software to decipher too.

~~~
tomkarlo
(Was it Sam H.?)

When I was at MIT I had a lab partner who was blind for I think 6.002 or
6.003. I remember that one side-effect of using a screen reader was that he
easily "recited" code, which I don't think most sighted programmers could do
fluently.

Of course, in order to understand what he was reciting, my only hope was
generally to try to type it into a text editor, format it and look at it. (And
it's also hard to transcribe code being read to you.)

~~~
thwarted
My mom and I used to take turns reading the code listings from magazines like
Compute! and RUN to each other and typing them in. It took forever. I
definitely find it harder to do that with punctuation heavy languages these
days (not that I'm typing much code in from magazines anymore).

~~~
mkramlich
This is a classic example of how the culture of home parenting, and individual
choices made by the parent, has a big impact on kids. Having your _mom_ , of
all people, reading code listings from a software magazine, typing them into a
computer with you, pretty much puts you into the top 1% percentile in terms of
parental engagement in their child's intellectual development. Race itself is
irrelevant compared to this. Nationality itself is irrelevant to this. What
the parents do: extremely relevant.

~~~
deong
True, but race and nationality are pretty relevant as to whether you have a
mom who has convenient access to software magazines and computers to type the
code into.

~~~
thwarted
I don't think mkramlich was meaning to imply otherwise, because the relevancy
of parents' involvement doesn't just apply to technology. Engaged parents who
involve their kids in engine rebuilding or animal husbandry or child rearing
or anything else that requires years, effort, and guidance to master are most
likely are in the top 1% in terms of intellectual development.

Technology and computers wasn't my mom's hobby or profession (she's actually a
seamstress -- and I learned the basics of sewing from her) so it wasn't like
she was introducing me to her interests; however, when my son gets older (out
of diapers), I plan on spending time with him teaching about my major
interests and learning new things with him that's he's interested in,
independent of what that may be.

------
mvalle
I don't think it would be hard to do, in fact, they reverse the whole point of
a CAPTCHA.

A CAPTCHA is supposed to be a task that is easy for humans, but difficult for
computers. High-level mathematics is difficult for humans but easy for
computers.

They do have some success of telling computers and humans apart, though.

~~~
iy56
High-level mathematics is difficult for humans and provably impossible for
computers.

~~~
ekidd
What kind of high-level mathematics is _provably_ impossible for computers,
but merely difficult for suitably-trained humans?

If you're thinking of either of Gödel's incompleteness theorems, you may be
slightly mistaken about what they say. In general, a human operating by
rigorous standards of proof is no more able to prove the completeness and
consistency of certain formal systems—using the tools provided by those formal
systems—than a machine can.

If, as a human, you somehow prove the consistency of these particular formal
systems, you run smack into Gödel's second theorem: _For any formal
effectively generated theory T including basic arithmetical truths and also
certain truths about formal provability, T includes a statement of its own
consistency if and only if T is inconsistent._ Thus, any proof of consistency
is self-defeating, whether it's made by neurons or silicon.

Really, math doesn't care what parts of the periodic table you use to prove
things. :-)

------
noamsml
Most of these are really easy. I got a partial derivative of a constant. And
honestly, if you can't answer basic math questions, you probably have no use
for a quantum random bit generator.

~~~
tallanvor
I'm not sure I'd consider calculus to be a basic math question, except in the
context of uses where you have a real need for this level of randomness.

~~~
Jach
<semi-sarcastic-rant />This is what [one of many things] is wrong with the
educational system! Sure it's amazing that public schools have collectively
taught people basic algebra (in theory), but we should set the new bar to
Calculus and just keep pushing it up every so often. (I think Bayesian stats
are more difficult than straight-up calculus though I'd like to see a public
familiarity with both...)

Calculus has been around for a pretty long time, there's plenty of good
material out there to learn it and people who understand it to teach it,
there's no real reason it shouldn't be required curriculum these days.

~~~
jmilloy
I would NEVER put calculus into required curriculum. Calculus is far less
important than some simple number theory, logic, and the ability to think
about abstract problems creatively. The tragedy is that we push towards
calculus (which is really just advanced arithmetic until you get to, say
college, real analysis) at the expense of these other skills.

~~~
Jach
While agreeing with the sister-child I'll also say that yes, other math and
thinking skills are also important, but there's no reason we can't have those
and calculus too. Throw out some of the more useless things like PE, get rid
of certain requirements like art, maybe take away a year or two of the "read
books most of the class doesn't care about and write essays hurriedly read
over by the prof to later be never read again" English classes.

Even just removing one required semester (half a year) of PE and one required
semester of English (which shouldn't be very controversial) frees up two
semesters, which for a high school level accommodates Calculus just fine. I'd
love to see mathematical analysis courses taught at the high school level too
(especially since many grown adults are under the impression math in general
is like the algebra they did in high school) but that might be getting ahead
of ourselves.

I also don't see why you can't teach number theory et al. throughout all the
math courses. I never had a formal trigonometry course because it was taught
along the way.

~~~
TGJ
While I agree with your overall idea of removing extra classes from high
school, you do realize that most graduates need at least 2 more semesters of
English? Plus the failure rate of College Algebra is pretty staggering.

------
georgemcbay
The real WTF with this captcha is that to get a new one they recommend you
reload the page, which will clear out everything you just typed into the form
(since you probably typed that all before getting to the captcha), which is
retarded.

If you try to be smart and just put in a known wrong answer in hopes that
it'll keep the form data and give you a new question, you get dumped to a
validation page which tells you you're wrong and then tells you to go back and
reload the page, which is also retarded. You still come out ahead because when
you hit the back button you should get a new captcha and the browser should
have saved your form data, but man, this page belongs in the UX hall of shame
regardless of how you feel about math in your captchas.

------
shasta
Sounds like a great way to stock up on fake accounts submitted by people who
just want to know if they got the question right

~~~
knowtheory
i even made a typo in my login handle >_<

got the question right though.

------
TorbjornLunde
Isn't using math questions to stop bots(computers), a bit like trying to stop
tanks with barbed wire?

------
cynoclast
Dumbest CAPTCHA ever.

It's a math problem - which computers are great at - in highly readable text;
which they're pretty good at. I expect someone talented could break it in an
automated fashion in a day or less.

I don't know why they don't just throw up an fairly large image of a bunch of
animals, then say "Click the cutest kitten" or something that's purely
subjective, and relies on human recognition abilities rather than
computational ones. Maybe two of those in succession in case a computer gets
lucky? Using the same method recaptcha does. Show two images, one with a known
heat-map of clicks showing where people think the kitten is, to test them, and
another one for them to develop the map on the new picture for future tests.

~~~
nostromo
Hmmm, perhaps this is the first of many in a dystopian future of human
CAPTCHAs... "Please solve this equation in 200ms or less. Sorry, no humans
allowed."

~~~
Natsu
Actually, that's a fascinating idea that could be put to a different purpose.

Spambots try to spew spam as quickly as possible, right? I wonder how
effective it would be to flag those who fill out the signup forms _too
quickly_ as likely spammers and check up on them or impose extra limitations
until they had been using their account for a while without spamming?

------
perlgeek
Actually I find that much easier than blurred text on random lines in the
background

------
makmanalp
Ha, by this logic, a large majority of the current world population aren't
humans :)

~~~
merijnv
Well, to be fair the easiest captcha's are easy high school level equations
and (as someone else already pointed out) if you can't solve these you have no
business obtaining an account for extremely high quality quantum random
numbers. (I believe they provide about 7.8 or 7.9 bits of entropy per byte)

~~~
pavel_lishin
I buy _my_ random numbers from a guy in the alley behind my building. He says
they fell off a truck.

------
drndown2007
Am I the only one saddened by the fact that this would have been a piece of
cake back in high school/college, but can't remember how to do them
(integrals) anymore? :(

~~~
artmageddon
The notion of "use it or lose it" is always disappointing, but honestly if you
learned them once you can learn them again.

~~~
pbhjpbhj
>if you learned them once you can learn them again

I doubt this personally. I didn't have any problems with the partial
differential I was set. I mean on a general level that something once learnt
can be relearned.

~~~
artmageddon
You may not be as sharp at it as you were when you spent hours pounding it
into your head on a frequent basis, but it's surely within a person's grasp.
At least as far as math goes; something like language fluency may be another
story.

------
loudmax
It's a reverse captcha! If you answer too quickly it knows you're a computer.

------
mathgladiator
No

This can be automated with <https://github.com/mathgladiator/tutor>

I'd have to spend some time working on adding OCR support, but overall totally
doable,

------
jxcole
I could easily write a captcha breaker for this...It's much simpler to do than
one with fuzzy characters.

------
kmak
I run "algorithmist.com" and was getting quite a bit of spam with using only
recaptcha. I was looking for something mathy.. I ended up giving mathcaptcha a
go first and it seems to work well to stop the spam, but I was ready to create
my q/a with algorithm questions, with the benefit that if you can't answer
basic algo questions, you shouldn't edit the wiki anyways!

------
tydok
The required value seems to be a small integer. A bot trying zero each time,
IMO, has good odds passing the captcha.

------
stcredzero
One thing that's occurred to me -- there's obviously an asymmetry of effort in
captchas. Reliable proof that someone is human is very hard. What about
reliable proof that something is not human, but an automaton? Can we make this
stronger, and make it reliable proof that something is a particular automaton?

It seems to me, the answer is Yes. This is actually very powerful and useful
for security. (Even if you can only count on the first time it's answered.)

~~~
A1kmm
Requiring that people access your site over TCP/IP is a reasonably good way to
weed out clients that don't involve computers at all.

Bots are user agents that don't have a human operator; browsers are user
agents with a human operator. Both bots and browsers involve computers.
However, as browsers can automate some tasks, and bots need human interaction
at least to program them in the first place, there is a blurry line between
bot and browser. CAPTCHAs try to force a certain amount of human interaction.
The only reliable way to prevent human interaction between sending a request
to and receiving a response from an unknown user agent is to require a
response so fast as to preclude human intervention.

------
tluyben2
Hmm. I see captcha's harder than that every day on numerous sites; with a lot
of 'normal' captcha's you sit staring for minutes and then kind of gamble
(like an OCR bot) to what it says. At least the formulas are clearly readable
and there is a one correct answer to each of them, while this
<http://bit.ly/gKPgKH> I cannot read (Google).

~~~
elai
chithersom

------
l0nwlf
Stack Overflow should use a tougher version of it. Will weed out some noise.

------
pluies_public
I thought it _had_ to be static, but no: the captcha actually changes at each
page reload.

At least it will weed out the non-mathematicians easily...

~~~
ugh
Hardly. You can just type it into WolframAlpha, that works perfectly. (Which
is quite funny because you are letting the computer solve something that’s
supposed to keep computers out.)

You don’t even need to learn any fancy syntax, “derivative of” works great.
(High school math homework would be so much easier with WolframAlpha.)

------
ddbbcc
Actually, the captcha is quite easy to extract (and solve), so it will
probably filter out humans, not bots :)

------
presto8
This looks like the derivative of a constant value, which is always going to
be zero. I reloaded the page several times, and each time, no matter how
complex the formula looked, it was always a constant.

Still, it is cute.

------
georgecmu
I've seen harder (limits of converging sequences, etc), but wolfram alpha made
them harder for humans than for automated scripts.

My captcha was to find the least zero of this polynomial:
[http://random.irb.hr/latexrender/pictures/c46ad0f30d7575c609...](http://random.irb.hr/latexrender/pictures/c46ad0f30d7575c609d863329f5e59f7.gif)

and all I had to do was to OCR the formula:
[http://www.wolframalpha.com/input/?i=x^3+%2B+3x^2-4x+-12+%3D...](http://www.wolframalpha.com/input/?i=x^3+%2B+3x^2-4x+-12+%3D%3D+0)

------
bugsy
I like that captcha because I can do it in my head which makes me feel
special. Too bad there isn't a button just to check the captcha for those of
us who don't want to sign up for an account.

------
pontifier
This brings to mind a recent article about solving the "hacker news problem".
It occurs to me that requiring an entrance exam of some sort could weed out
users unprepared to constructively contribute to any domain specific online
forum.

~~~
pontifier
Well imagine my surprise when I saw an article about an event using just this
sort of weeding on page 2 of hacker news...

<http://news.ycombinator.com/item?id=2288469>

------
moblivu
Hardest Captcha for a human: Maybe Hardest Captcha for a machine: Not so sure
!

You can just pass the equation in Wolfram Alpha directly and you have your
answer! The font is crystal clear and the equation is quite simple.

------
StefanKarpinski
The questions it generates are all trivial with a little bit of math
knowledge. Finding the roots of polynomials that are already factored.
Multiplying a series of factors, the last of which is zero.

------
danvoell
That's funny. I wonder if that encourages people who otherwise wouldn't sign
up. It obviously self selects your clientele. I might need to implement a "2
trains leave" problem for my captcha.

------
presidentender
I think most of the answers are zero, and that this is largely a joke.

------
nickpinkston
I found an exploit ;-) <http://www.wolframalpha.com/examples/Calculus.html>

~~~
joetek
Nice, but if you can get it into Wolfram Alpha and back, you're probably
human. :)

~~~
Xk
Or you can write a simple OCR program that can send HTTP requests.

~~~
nickpinkston
OCR + LaTeX, have fun!

My scanned books can't tell VV and W apart...

------
Luyt
After a few reloads, I got this captcha:

\- 2 + 1 - 0 + 0 * 0 + 3 - 3 = ?

------
limmeau
I got to compute a derivative. In the spirit of reCAPTCHA, wouldn't it be more
appropriate if the Captcha consisted of symbolic integration?

------
derrida
Why is this here? This is easy to a)break b)solve IF you a)finished high
school maths(australia) b) know about pythons ocr libraries.

------
hoag
Haha this is seriously awesome... almost makes me miss doing hours and hours
of calc every day :)

------
AW3nham
Bit pretentious, bordering childish. Also easy to crack WolframAlpha if you
don't know the math

------
baberuth
i got one of the easier ones and was confused about why this would be
difficult for machines to beat.

[http://random.irb.hr/latexrender/pictures/bba40bf17043b0ced7...](http://random.irb.hr/latexrender/pictures/bba40bf17043b0ced791685dcba29dad.gif)

------
37prime
The irony is that it would be easier to solve the captcha using programs like
Mathematica.

------
pieter
I tried a few, and it looks like most (all?) of them can be answered by
wolfram alpha.

~~~
kahawe
...which sort of defies the reason the CAPTC_H_A was put there in the first
place - great!

------
Keyframe
huh, got in on my first try... 0/0x[... 0 duh :) Most are easy, but maybe
scary looking to people not inclined to math?

------
ranit
Of course not the hardest. <http://brad.livejournal.com/2331278.html>

~~~
Semiapies
That's a blog entry linking to TFA.

------
mkramlich
"Here I am, brain the size of a planet, and they have me solving captchas. If
anybody needs me I'll be over in the corner rusting for the next, oh, one
million years."

\-- Marvin the Paranoid Android (with liberties taken)

------
kahawe
I just use <http://www.random.org/> instead and do not have to go through all
that hassle.

------
farout
As a side question, why are captchas using alphanumerics? Any reason why you
can say, what is 1+1?

And flip the terms and answers for each captcha.

Is it because a person can't solve 3+8?

~~~
heyitsnick
Because a computer is very good at solving basic maths questions?

All this does is simplify the captcha for machines to solve, whilst
complicating it for humans (basic maths is easy for most but it's still one
more logical step then 'type out the 5 letters you see'). Instead of 26 upper
and lower-case characters, and often just a random string (so we can't make a
best guess vs a dictionary), we now just have ten characters and maybe 2-4
mathematical operators and it must make sense (it can't be "42+-" for
example).

~~~
farout
As you stated: If computer wanted to hack it - sure it is easy enough. But I
was looking for a easy way to do some verification.

I asked this because I was creating a reddit clone and wanted a captcha
system. I detest the ones that exist right now.

~~~
jcl
The point of most captchas is to stop someone from writing a program that
abuses your system. If you're not doing that, what exactly are you
"verifying"?

~~~
farout
I want to make sure a person votes only once. But if they want to game the
system fine as long as they are willing to submit a captcha

For another website, I used to store the IP address and do checks but for a
simple system that seem to be overkill.

All of the websites have no user accounts.

Is there another way to do this? Where you want some voting to happen but with
no user accounts. And you want it to be dirt simple.

~~~
jcl
Ah, I get it. You are using a captcha not for its resistance to automation but
as a way to make a user pay (with time) for an action.

If you start with the assumption that no one will try to attack your site,
then you don't need a captcha at all. You can give the user any annoying/time-
consuming task (e.g. "click a square ten times"), or you can insert an
inconvenient delay in vote submission. However, people may object less to the
inconvenience of something that looks like a captcha, because they are used to
them.

Needless to say, almost no one uses captchas for this purpose. Instead, they
use captchas to make their sites more resistant to automated abuse -- as you
almost certainly will need if your sites become popular.

~~~
farout
Thanks, these are great ideas. I never thought of doing this way.

The site dos not take in user generated content that is immediately displayed.
The data is first curated and verified so the attack will be a bit harder. So
there is fresh (delayed) content constantly.

That is exactly the reason of the captcha: to give a person something to do
that wastes a bit of their time and that is familiar to them.

Yes, in other sites I have used captchas to prevent automated abuse.

------
georgieporgie
I reloaded the page and got something like 4 * -1 - (-4) = ?

A subsequent reload sent it back to a more complex formula.

------
GrandMasterBirt
WAIT, this captcha seems like its inverse, easier for computer than human to
answer.

------
CWuestefeld
What answer does it want?

I got "-6-7x7". Does it want proper order of operations applied, giving
-6-49=-55? Or does it want it the silly way that most (I suspect) people are
going to do it, left-to-right without respect to order of operations,
-13x7=-91?

(oops, the asterisks give italics rather than multiplication!)

