Monday, April 10, 2006

Schneier on Security: KittenAuth

Two of the comments in the thread on the latest Turing test nonsense gave me an idea. Comment 1: CAPTCHAs are the way cryptographers get hackers to solve hard AI problems. Comment 2: So what if the poster is a robot, they might have something interesting to say.

So the ideal CAPTCHA would use an AI complete problem so that if there was a robot on the other end it would at least be capable of interesting conversation.

The downside to this approach is that every CAPTCHA is subject to a man in the middle attack. There is no way for posters on this blog to know what the captcha test is being used for. It could easily be presenting challenges from other blogs then using the answers to spam. The more frequently CAPTCHAs are used and the lower the threshold for acceptability becomes the easier this type of recycling becomes.

No comments: