
No, that's the reason the answers are hashed. You can't get the answer from the hash, since a hash is a one-way function. This is the same reason you never store passwords in your database in plaintext, but rather hash them first.



As elliotcarlson pointed out, the issue isn't that answers can be determined automatically, it's that the cost of determining the answers can be amortized over all uses. It's the same vulnerability problem as rainbow tables. With rainbow tables you spend a lot of (automated) effort computing hashes for password guesses; the key advantage of this tactic is that it is widely applicable to every naive use of that hash function.

The amount of effort for a human to go through the list of answers and come up with answers may be non-trivial, but once completed it's applicable to every single use of the plain-text captcha system. That's bad.


Mechanical Turk


Still, almost all (or all?) of the answers are excerpts of the question. So just test all short excerpts against the hashes, voila, an answer key.
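Added example, not part of the thread or of any project's code: a question-bank audit a captcha operator could run to flag questions whose published answer hash is matched by a short excerpt of the question, as the comment above describes, followed by a keyed per-challenge tag that cannot be tested offline. The unsalted SHA-256 over the lowercased answer, the sample bank and all function names are assumptions.

```python
import hashlib
import hmac
import re


def answer_hash(answer: str) -> str:
    # Assumption: the published hash is unsalted SHA-256 of the trimmed, lowercased answer.
    return hashlib.sha256(answer.strip().lower().encode()).hexdigest()


def excerpts(question: str, max_words: int = 3):
    """Yield every run of 1..max_words consecutive words from the question."""
    words = re.findall(r"[a-z0-9']+", question.lower())
    for n in range(1, max_words + 1):
        for i in range(len(words) - n + 1):
            yield " ".join(words[i:i + n])


def audit(bank, max_words: int = 3):
    """Return the questions whose published hashes match an excerpt of the question."""
    return [
        question
        for question, hashes in bank
        if any(answer_hash(e) in hashes for e in excerpts(question, max_words))
    ]


def session_tag(key: bytes, nonce: bytes, answer: str) -> str:
    """Keyed tag bound to one challenge nonce; the server keeps the key and verifies.
    Without the key a guess cannot be checked offline, and a table built for one
    nonce is useless for the next. It does not stop a human-built answer key."""
    msg = nonce + answer.strip().lower().encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


# Constructed sample bank: (question, set of published answer hashes).
BANK = [
    ("Which of these is a colour: chair, purple, dog or spoon?",
     {answer_hash("purple")}),
    ("What is seven plus five?",
     {answer_hash("12"), answer_hash("twelve")}),
]

if __name__ == "__main__":
    for q in audit(BANK):
        print("answer derivable from question text:", q)
```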


That's not the issue - as soon as you make a list of questions available for the world, all it takes is one spammer to create a matching list of answers and they can go to town. By providing that list of answers as open source you are making it easier for someone to create the counterpart answer database.




Captchas are not restricted to reddit and social news sites, despite what your link claims.


Oh, that was just to make fun of xkcd. I don't think xkcd links are really that good an addition to a discussion here.


Exactly!



