Hacker News new | past | comments | ask | show | jobs | submit login
Hardest captcha ever? (irb.hr)
222 points by dalys on March 4, 2011 | hide | past | favorite | 120 comments



The hardest captcha I've come across is the audio one used by Google on https://www.google.com/accounts/NewAccount. Click the little wheelchair icon to hear it.

It's so hard to decipher, it almost comes across as a cruel joke at the expense of blind people.

These are much easier, in that I can actually understand them.


Once at MIT a blind student was showing me his screen reader. I couldn't make sense of the sounds at all, and asked if it was in some special code. He said no, it was normal language, just really fast. He had it read the current line on his terminal (this was late '80s). I could see the words it was supposedly reading, but I still couldn't map them to the brief burst of sound that came from the screen reader.

So maybe if you've been blind a while, the audio captcha isn't so hard to decipher. Keep in mind they have to make it hard for speech recognition software to decipher too.


A few years back I attended a tech talk from T.V.Raman (of emacspeak fame) and he was making fun of us, poor non-blind users, for being so slow at deciphering the bursts of sounds from the screen reader.

He, and other blind computer scientists that were present at the talk, was so used to the screen reader that could crank its speed up to impossible speeds for non-blind users (that don't exercise their hearing sense that much).

The same applied to the tiny distortions in pitch and tone that he'd use as a replacement for syntax coloring.

Pretty amazing.


Yup, my sister is blind and it's the same thing. I hear her having something read off her screen and it's just way to fast to even notice a single word. I asked her about it once and she told me that she doesn't even have it set to read as fast as most of her friends!


Can you post an audio sample of this? I'd love to hear it.


This might be a little bit off-topic, but has somebody played with the tools that blind cs programmers use to program? Read/write/navigate,...

What I mean is, has somebody any insight if it would be worth it, from a productivity point of view, to use those tools for non-blind people?


I used to do a lot of accessibility work, so I was somewhat proficient at JAWS and IBM's Home Page Reader.

JAWS, in particular, is quite powerful, but pretty daunting to learn. Compounding the clunkiness of JAWS is that many apps and sites aren't built with screen reader usability in mind – even if the developers made a good effort to ensure that it was possible to use their site in a screen reader, that all text was readable, etc, there's a huge difference between "possible" and "easy".

I thought it would be interesting, from an HCI perspective, to use a screen reader with something like a phone in your pocket, but sadly the learning curve is just too high, and there's not much motivation to improve it, either from the perspective of app/site developers (blind users are a rounding error) or even of the tool makers (blind users are highly motivated to learn their product, and will purchase it regardless of learning curve).

SEO, ironically, is the greatest thing to ever happen to blind users. All those people with tremendous financial incentive to make their sites spiderable to a text-only bot.


> JAWS, in particular, is quite powerful, but pretty daunting to learn. Compounding the clunkiness of JAWS is that many apps and sites aren't built with screen reader usability in mind – even if the developers made a good effort to ensure that it was possible to use their site in a screen reader, that all text was readable, etc, there's a huge difference between "possible" and "easy".

Seconded. I've done a bit of accessibility testing work with JAWS and was often frustrated by how unnecessarily difficult it was to use the software with a screen reader. You have to remember that it is probably uneconomical to make most software accessible and companies only do it because it is a requirement that software be accessible if you want to sell to certain governments (eg the USA). What this means is that development and testing is focussed on doing the bare minimum needed to pass a checklist, after which there isn't any need to do anything, regardless of whether the software is "easy" or merely "possible" to use.


(Was it Sam H.?)

When I was at MIT I had a lab partner who was blind for I think 6.002 or 6.003. I remember that one side-effect of using a screen reader was that he easily "recited" code, which I don't think most sighted programmers could do fluently.

Of course, in order to understand what he was reciting, my only hope was generally to try to type it into a text editor, format it and look at it. (And it's also hard to transcribe code being read to you.)


My mom and I used to take turns reading the code listings from magazines like Compute! and RUN to each other and typing them in. It took forever. I definitely find it harder to do that with punctuation heavy languages these days (not that I'm typing much code in from magazines anymore).


Oh, god I remember doing that for the TRS-80 (was it assembly? that's what I remember.) You'd spend hours typing in codes from a magazine, and I think my Dad and I had about a 5% success rate actually getting the program to run at the end.


Run often had BASIC programs that built machine language routines from DATA statements, just a series of numbers. At one point they changed the program so that one of the bytes in each DATA statement was a checksum, and it would tell you if the rest of the line was accurate or not. That helped a lot.

My mom likes to say "I was just having fun, typing in the games and playing them, but you were actually learning something."


That was my first introduction to the notion of checksums and parity bits too. Very practical, in your face, real world consequences kind of impact. Excellent way to learn the concept. I don't miss having to type in all my software by hand, but the sort of forced physical learning and in-your-face impact of syntax and data patterns was really effective and something we should miss.


This is a classic example of how the culture of home parenting, and individual choices made by the parent, has a big impact on kids. Having your mom, of all people, reading code listings from a software magazine, typing them into a computer with you, pretty much puts you into the top 1% percentile in terms of parental engagement in their child's intellectual development. Race itself is irrelevant compared to this. Nationality itself is irrelevant to this. What the parents do: extremely relevant.


True, but race and nationality are pretty relevant as to whether you have a mom who has convenient access to software magazines and computers to type the code into.


I don't think mkramlich was meaning to imply otherwise, because the relevancy of parents' involvement doesn't just apply to technology. Engaged parents who involve their kids in engine rebuilding or animal husbandry or child rearing or anything else that requires years, effort, and guidance to master are most likely are in the top 1% in terms of intellectual development.

Technology and computers wasn't my mom's hobby or profession (she's actually a seamstress -- and I learned the basics of sewing from her) so it wasn't like she was introducing me to her interests; however, when my son gets older (out of diapers), I plan on spending time with him teaching about my major interests and learning new things with him that's he's interested in, independent of what that may be.


It wasn't Sam H. I don't recall his name.


The normal google captcha is pretty damn hard, once I had to go through like 5 or 10 before I got it though lately it seems to have gotten a little bit easier (or I now know how to guess it better).


This CAPTCHA is actually designed to ensure that the only entity that can decipher it is Satan himself.

Wow.


I assume its because audio captchas are so easy to break with a computer (hence you have to distort the hell out of it):

http://blog.wintercore.com/2008/03/05/breaking-gmails-audio-...


I will say... "additional plugins required". If your blind you will miss that.


Am I the only one that hears this like a Black Sabbath record being played backwards? I tried a couple of them and noticed no appreciable difference in the noise being presented.


I don't think it would be hard to do, in fact, they reverse the whole point of a CAPTCHA.

A CAPTCHA is supposed to be a task that is easy for humans, but difficult for computers. High-level mathematics is difficult for humans but easy for computers.

They do have some success of telling computers and humans apart, though.


Precisely the reason I wrote the very useful "human.txt" captcha: http://www.mrspeaker.net/2010/07/15/humans-txt/

Stops those pesky humans wasting precious robot bandwidth and is quite a bit harder than the Quantum Random Bit Generator captcha ;)


If the math problem were squiggly and hand-drawn (i.e., as if on a chalkboard), we might have a more effective CAPTCHA.


High-level mathematics is difficult for humans and provably impossible for computers.


What kind of high-level mathematics is provably impossible for computers, but merely difficult for suitably-trained humans?

If you're thinking of either of Gödel's incompleteness theorems, you may be slightly mistaken about what they say. In general, a human operating by rigorous standards of proof is no more able to prove the completeness and consistency of certain formal systems—using the tools provided by those formal systems—than a machine can.

If, as a human, you somehow prove the consistency of these particular formal systems, you run smack into Gödel's second theorem: For any formal effectively generated theory T including basic arithmetical truths and also certain truths about formal provability, T includes a statement of its own consistency if and only if T is inconsistent. Thus, any proof of consistency is self-defeating, whether it's made by neurons or silicon.

Really, math doesn't care what parts of the periodic table you use to prove things. :-)


Correct. For those that don't agree see the Incompleteness Theorem. It was once thought (by Hilbert no less) that computers would one day be able to derive all mathematical truths for us. Alas, G\:{o}del came along and ruined all of those grand plans by proving such an endeavor was in possible. He also showed the limits of human reason. Computers may or may not be "dumber" than humans, but we know that they can't be "smarter."


Most of these are really easy. I got a partial derivative of a constant. And honestly, if you can't answer basic math questions, you probably have no use for a quantum random bit generator.


I'm not sure I'd consider calculus to be a basic math question, except in the context of uses where you have a real need for this level of randomness.


<semi-sarcastic-rant />This is what [one of many things] is wrong with the educational system! Sure it's amazing that public schools have collectively taught people basic algebra (in theory), but we should set the new bar to Calculus and just keep pushing it up every so often. (I think Bayesian stats are more difficult than straight-up calculus though I'd like to see a public familiarity with both...)

Calculus has been around for a pretty long time, there's plenty of good material out there to learn it and people who understand it to teach it, there's no real reason it shouldn't be required curriculum these days.


I would NEVER put calculus into required curriculum. Calculus is far less important than some simple number theory, logic, and the ability to think about abstract problems creatively. The tragedy is that we push towards calculus (which is really just advanced arithmetic until you get to, say college, real analysis) at the expense of these other skills.


While agreeing with the sister-child I'll also say that yes, other math and thinking skills are also important, but there's no reason we can't have those and calculus too. Throw out some of the more useless things like PE, get rid of certain requirements like art, maybe take away a year or two of the "read books most of the class doesn't care about and write essays hurriedly read over by the prof to later be never read again" English classes.

Even just removing one required semester (half a year) of PE and one required semester of English (which shouldn't be very controversial) frees up two semesters, which for a high school level accommodates Calculus just fine. I'd love to see mathematical analysis courses taught at the high school level too (especially since many grown adults are under the impression math in general is like the algebra they did in high school) but that might be getting ahead of ourselves.

I also don't see why you can't teach number theory et al. throughout all the math courses. I never had a formal trigonometry course because it was taught along the way.


While I agree with your overall idea of removing extra classes from high school, you do realize that most graduates need at least 2 more semesters of English? Plus the failure rate of College Algebra is pretty staggering.


IMHO you don't understand Calculus good enough yourself. It's one of the most powerful tools humankind has come with. A couple of simple ideas aplicable practically everywhere.


It's obviously a little bit past 2+2, but calculus is still pretty basic. It's deeply unfortunate that the US schooling system, among others, treats it as an advanced topic only accessible to Smart People. It's a huge disservice to the rest of the population.


I got "find the least real zero of the polynomial: -7 * 4 - 7". Somehow I doubt "mu" would be accepted.

(That sort of think has only shown up once over multiple refreshes though.)


Just to prove you are a human, please answer the following math challenge.

-6 + 5 * 0 = ?

(I guess I just got lucky?)


I got d/dx(2sin(3pi)+0) el oh el, I suppose I got lucky also.


I got that one too, and misinterpreted it as I always do and made it stupidly complex in my head. For a minute, I thought it was asking for the least real, i.e. most imaginary, zero.


and besides, I'm not entirely sure that these are "unbreakable" whatsoever. If you really want to break this, I'd do some math-specific OCR + WolframAlpha...


The image is in a clean looking font, so the OCR would probably be decent. Also, the question I got (Find the least real zero of the polynomial: p(x) = x^2 + 6x + 9) I typed, as is, into Wolfram Alpha and well, look at that, x = -3.


Yep, I saw a lot of derivatives of a constant, and multiplies by zero. There were a couple that weren't obviously 0, but I wouldn't be surprised if most of the actual answers were 0.


Mine had a complex multiplication problem but had 0 as a multiplier. Can't get easier than that!


The real WTF with this captcha is that to get a new one they recommend you reload the page, which will clear out everything you just typed into the form (since you probably typed that all before getting to the captcha), which is retarded.

If you try to be smart and just put in a known wrong answer in hopes that it'll keep the form data and give you a new question, you get dumped to a validation page which tells you you're wrong and then tells you to go back and reload the page, which is also retarded. You still come out ahead because when you hit the back button you should get a new captcha and the browser should have saved your form data, but man, this page belongs in the UX hall of shame regardless of how you feel about math in your captchas.


Sounds like a great way to stock up on fake accounts submitted by people who just want to know if they got the question right


i even made a typo in my login handle >_<

got the question right though.


Isn't using math questions to stop bots(computers), a bit like trying to stop tanks with barbed wire?


Dumbest CAPTCHA ever.

It's a math problem - which computers are great at - in highly readable text; which they're pretty good at. I expect someone talented could break it in an automated fashion in a day or less.

I don't know why they don't just throw up an fairly large image of a bunch of animals, then say "Click the cutest kitten" or something that's purely subjective, and relies on human recognition abilities rather than computational ones. Maybe two of those in succession in case a computer gets lucky? Using the same method recaptcha does. Show two images, one with a known heat-map of clicks showing where people think the kitten is, to test them, and another one for them to develop the map on the new picture for future tests.


Hmmm, perhaps this is the first of many in a dystopian future of human CAPTCHAs... "Please solve this equation in 200ms or less. Sorry, no humans allowed."


Actually, that's a fascinating idea that could be put to a different purpose.

Spambots try to spew spam as quickly as possible, right? I wonder how effective it would be to flag those who fill out the signup forms too quickly as likely spammers and check up on them or impose extra limitations until they had been using their account for a while without spamming?


Actually I find that much easier than blurred text on random lines in the background


Ha, by this logic, a large majority of the current world population aren't humans :)


Aristotle is very very disappointed with your logic, my friend. http://en.wikipedia.org/wiki/Inference#Examples_of_deductive...


I think you've misunderstood his post (or I've misunderstood yours (my friend))). He was saying that the linked website was illogical in using a method to distinguish humans from machines, that most humans would fail at. Grandparent wasn't attempting to construct his own logical argument.


But the logic of the CAPTCHA is "if you get this right, then you are human". Makmanalp was suggesting "if you get this wrong, you are not human", which does not follow logically from the CAPTCHA rule.

It is an example of "Denying the antecedent", or the inverse error: http://en.wikipedia.org/wiki/Denying_the_antecedent


Who is to say that "if you get this right, then you are human" is the valid premise? I'd argue that the correct one is "If you're human, you get CAPTCHAs right". :P


Just to be pedantic: CAPTCHAs are a test for being human so human-ness has to be the consequence of some condition. Your premise is therefore an incorrect framing of the CAPTCHA test.


(IsaacL, I think we are all having our tongue in our cheek here).


Well, to be fair the easiest captcha's are easy high school level equations and (as someone else already pointed out) if you can't solve these you have no business obtaining an account for extremely high quality quantum random numbers. (I believe they provide about 7.8 or 7.9 bits of entropy per byte)


I buy my random numbers from a guy in the alley behind my building. He says they fell off a truck.


I'll stick with Lavarand, thanks... good enough for my needs.

http://en.wikipedia.org/wiki/Lavarand


OMG! "extremely high quality quantum random numbers"

Thats an interesting product to sell.


It's just a little more targeted than the average captcha. It should weed out both bots and people you wouldn't want using the website in the first place.


Unless they become popular and the answers are too easy. Then you can guess the answer without even understanding the problem.


Am I the only one saddened by the fact that this would have been a piece of cake back in high school/college, but can't remember how to do them (integrals) anymore? :(


The notion of "use it or lose it" is always disappointing, but honestly if you learned them once you can learn them again.


>if you learned them once you can learn them again

I doubt this personally. I didn't have any problems with the partial differential I was set. I mean on a general level that something once learnt can be relearned.


You may not be as sharp at it as you were when you spent hours pounding it into your head on a frequent basis, but it's surely within a person's grasp. At least as far as math goes; something like language fluency may be another story.


I did a lot of maths in college before I moved onto programming and computer science, but I also found the problem hard. I think I could probably work it out from first principles eventually, but it's surprising how much calculus and trig comes down to memorising rules.


It's a reverse captcha! If you answer too quickly it knows you're a computer.


No

This can be automated with https://github.com/mathgladiator/tutor

I'd have to spend some time working on adding OCR support, but overall totally doable,


I could easily write a captcha breaker for this...It's much simpler to do than one with fuzzy characters.


I run "algorithmist.com" and was getting quite a bit of spam with using only recaptcha. I was looking for something mathy.. I ended up giving mathcaptcha a go first and it seems to work well to stop the spam, but I was ready to create my q/a with algorithm questions, with the benefit that if you can't answer basic algo questions, you shouldn't edit the wiki anyways!


The required value seems to be a small integer. A bot trying zero each time, IMO, has good odds passing the captcha.


One thing that's occurred to me -- there's obviously an asymmetry of effort in captchas. Reliable proof that someone is human is very hard. What about reliable proof that something is not human, but an automaton? Can we make this stronger, and make it reliable proof that something is a particular automaton?

It seems to me, the answer is Yes. This is actually very powerful and useful for security. (Even if you can only count on the first time it's answered.)


Requiring that people access your site over TCP/IP is a reasonably good way to weed out clients that don't involve computers at all.

Bots are user agents that don't have a human operator; browsers are user agents with a human operator. Both bots and browsers involve computers. However, as browsers can automate some tasks, and bots need human interaction at least to program them in the first place, there is a blurry line between bot and browser. CAPTCHAs try to force a certain amount of human interaction. The only reliable way to prevent human interaction between sending a request to and receiving a response from an unknown user agent is to require a response so fast as to preclude human intervention.


Hmm. I see captcha's harder than that every day on numerous sites; with a lot of 'normal' captcha's you sit staring for minutes and then kind of gamble (like an OCR bot) to what it says. At least the formulas are clearly readable and there is a one correct answer to each of them, while this http://bit.ly/gKPgKH I cannot read (Google).


chithersom


Stack Overflow should use a tougher version of it. Will weed out some noise.


I thought it had to be static, but no: the captcha actually changes at each page reload.

At least it will weed out the non-mathematicians easily...


Hardly. You can just type it into WolframAlpha, that works perfectly. (Which is quite funny because you are letting the computer solve something that’s supposed to keep computers out.)

You don’t even need to learn any fancy syntax, “derivative of” works great. (High school math homework would be so much easier with WolframAlpha.)


Actually, the captcha is quite easy to extract (and solve), so it will probably filter out humans, not bots :)


This looks like the derivative of a constant value, which is always going to be zero. I reloaded the page several times, and each time, no matter how complex the formula looked, it was always a constant.

Still, it is cute.


I've seen harder (limits of converging sequences, etc), but wolfram alpha made them harder for humans than for automated scripts.

My captcha was to find the least zero of this polynomial: http://random.irb.hr/latexrender/pictures/c46ad0f30d7575c609...

and all I had to do was to OCR the formula: http://www.wolframalpha.com/input/?i=x^3+%2B+3x^2-4x+-12+%3D...


I like that captcha because I can do it in my head which makes me feel special. Too bad there isn't a button just to check the captcha for those of us who don't want to sign up for an account.


This brings to mind a recent article about solving the "hacker news problem". It occurs to me that requiring an entrance exam of some sort could weed out users unprepared to constructively contribute to any domain specific online forum.


Well imagine my surprise when I saw an article about an event using just this sort of weeding on page 2 of hacker news...

http://news.ycombinator.com/item?id=2288469


Hardest Captcha for a human: Maybe Hardest Captcha for a machine: Not so sure !

You can just pass the equation in Wolfram Alpha directly and you have your answer! The font is crystal clear and the equation is quite simple.


The questions it generates are all trivial with a little bit of math knowledge. Finding the roots of polynomials that are already factored. Multiplying a series of factors, the last of which is zero.


That's funny. I wonder if that encourages people who otherwise wouldn't sign up. It obviously self selects your clientele. I might need to implement a "2 trains leave" problem for my captcha.


I think most of the answers are zero, and that this is largely a joke.



Nice, but if you can get it into Wolfram Alpha and back, you're probably human. :)


Or you can write a simple OCR program that can send HTTP requests.


OCR + LaTeX, have fun!

My scanned books can't tell VV and W apart...


After a few reloads, I got this captcha:

- 2 + 1 - 0 + 0 * 0 + 3 - 3 = ?


I got to compute a derivative. In the spirit of reCAPTCHA, wouldn't it be more appropriate if the Captcha consisted of symbolic integration?


Why is this here? This is easy to a)break b)solve IF you a)finished high school maths(australia) b) know about pythons ocr libraries.


Haha this is seriously awesome... almost makes me miss doing hours and hours of calc every day :)


Bit pretentious, bordering childish. Also easy to crack WolframAlpha if you don't know the math


i got one of the easier ones and was confused about why this would be difficult for machines to beat.

http://random.irb.hr/latexrender/pictures/bba40bf17043b0ced7...


The irony is that it would be easier to solve the captcha using programs like Mathematica.


I tried a few, and it looks like most (all?) of them can be answered by wolfram alpha.


...which sort of defies the reason the CAPTC_H_A was put there in the first place - great!


huh, got in on my first try... 0/0x[... 0 duh :) Most are easy, but maybe scary looking to people not inclined to math?


Of course not the hardest. http://brad.livejournal.com/2331278.html


That's a blog entry linking to TFA.


"Here I am, brain the size of a planet, and they have me solving captchas. If anybody needs me I'll be over in the corner rusting for the next, oh, one million years."

-- Marvin the Paranoid Android (with liberties taken)


I just use http://www.random.org/ instead and do not have to go through all that hassle.


As a side question, why are captchas using alphanumerics? Any reason why you can say, what is 1+1?

And flip the terms and answers for each captcha.

Is it because a person can't solve 3+8?


Because a computer is very good at solving basic maths questions?

All this does is simplify the captcha for machines to solve, whilst complicating it for humans (basic maths is easy for most but it's still one more logical step then 'type out the 5 letters you see'). Instead of 26 upper and lower-case characters, and often just a random string (so we can't make a best guess vs a dictionary), we now just have ten characters and maybe 2-4 mathematical operators and it must make sense (it can't be "42+-" for example).


As you stated: If computer wanted to hack it - sure it is easy enough. But I was looking for a easy way to do some verification.

I asked this because I was creating a reddit clone and wanted a captcha system. I detest the ones that exist right now.


The point of most captchas is to stop someone from writing a program that abuses your system. If you're not doing that, what exactly are you "verifying"?


I want to make sure a person votes only once. But if they want to game the system fine as long as they are willing to submit a captcha

For another website, I used to store the IP address and do checks but for a simple system that seem to be overkill.

All of the websites have no user accounts.

Is there another way to do this? Where you want some voting to happen but with no user accounts. And you want it to be dirt simple.


Ah, I get it. You are using a captcha not for its resistance to automation but as a way to make a user pay (with time) for an action.

If you start with the assumption that no one will try to attack your site, then you don't need a captcha at all. You can give the user any annoying/time-consuming task (e.g. "click a square ten times"), or you can insert an inconvenient delay in vote submission. However, people may object less to the inconvenience of something that looks like a captcha, because they are used to them.

Needless to say, almost no one uses captchas for this purpose. Instead, they use captchas to make their sites more resistant to automated abuse -- as you almost certainly will need if your sites become popular.


Thanks, these are great ideas. I never thought of doing this way.

The site dos not take in user generated content that is immediately displayed. The data is first curated and verified so the attack will be a bit harder. So there is fresh (delayed) content constantly.

That is exactly the reason of the captcha: to give a person something to do that wastes a bit of their time and that is familiar to them.

Yes, in other sites I have used captchas to prevent automated abuse.


I reloaded the page and got something like 4 * -1 - (-4) = ?

A subsequent reload sent it back to a more complex formula.


WAIT, this captcha seems like its inverse, easier for computer than human to answer.


What answer does it want?

I got "-6-7x7". Does it want proper order of operations applied, giving -6-49=-55? Or does it want it the silly way that most (I suspect) people are going to do it, left-to-right without respect to order of operations, -13x7=-91?

(oops, the asterisks give italics rather than multiplication!)




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: