Monday, May 7, 2012

Gibberish Detection, and the "catcha" lesser captcha lock

**The catcha**
A catcha is a very simple captcha that is quick to solve and is intended only to confirm that an action was intentional. It could be defeated by automated means, so it is not suitable as a security control.

**Back story**
When I was a kid, my dad told me how he started checking software for bugs... just hold down a key. Half the time the programs would crash.

All of the Macintoshes at my high school (OS 7?) would be unusable for hours if you just held down a key for a couple of minutes.

A cat on the keyboard will hold down keys, and will still cause modern programs to misbehave.

**Design thoughts and details**

I propose having a "spell checker" for general user interaction.
This would include general mouse patterns and detection of out-of-the-ordinary shortcut keys.

Control-Alt-PrtScn REISUB ("Raising Elephants Is So Utterly Boring") would still work, of course. That key combo is so hard for a cat to press that I'm pretty sure it won't happen accidentally (unless it is the wrong keyboard, going to the wrong computer!).

Little kids will also start typing gibberish when sitting down at a computer. If a key is held down, or common application use is not observed, a simple "catcha" lock could be presented.


Control mechanisms, and issues to overcome:
Some programs take gibberish-like input (Vim: up, down, right, left).
Vim keys would have to be accounted for.
People misspell things. It should detect word-like writing, and do so over time,
possibly by detecting the number of syllables and the variety of syllables.

If a dangerous control is detected in the midst of gibberish-like behavior, a catcha should be presented.
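
A sketch of the heuristics listed above (held key, syllable count and variety, a Vim exemption, a catcha only when a dangerous control arrives), added here as an example and not code from the original post. The class and function names, the thresholds and the vowel-group syllable rule are all assumptions.

```python
import re
from collections import deque

# All thresholds and names below are assumptions made for this example.
VIM_KEYS = set("hjkl")     # navigation keys that legitimately repeat
MAX_REPEAT = 8             # identical keys in a row that count as "held down"
MIN_VARIETY = 0.4          # distinct syllables / total syllables
SYLLABLE = re.compile(r"[^aeiouy\s]*[aeiouy]+")  # consonants + vowel group

class GibberishDetector:
    def __init__(self, window=64):
        # Bounded, in-memory only: old keys fall off, nothing is persisted.
        self.buf = deque(maxlen=window)

    def feed(self, keys):
        self.buf.extend(keys)

    def clear(self):
        self.buf.clear()

    def held_key(self):
        run, prev = 0, None
        for k in self.buf:
            run = run + 1 if k == prev else 1
            prev = k
            if run >= MAX_REPEAT and k not in VIM_KEYS:
                return True
        return False

    def word_like(self):
        words = "".join(self.buf).lower().split()
        if not words:
            return True
        voiced = [w for w in words if SYLLABLE.search(w)]
        if len(voiced) * 2 < len(words):      # most "words" have no vowel group
            return False
        syllables = [s for w in voiced for s in SYLLABLE.findall(w)]
        return len(set(syllables)) / len(syllables) >= MIN_VARIETY

    def is_gibberish(self):
        if set(self.buf) <= VIM_KEYS:         # pure h/j/k/l navigation (or empty)
            return False
        return self.held_key() or not self.word_like()

def needs_catcha(detector, dangerous_action):
    # Only interrupt when a dangerous control arrives amid gibberish.
    return dangerous_action and detector.is_gibberish()
```

Misspelled text such as "teh quikc borwn fox" still passes as word-like, while a repeated single syllable ("lalalala...") fails on variety even though no key is held.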


**Security issue**
This program would work like a key logger, which may cause a serious security issue. Measures should be taken to ensure no other process can get the data. It should not write data to disk, and it should clear its data frequently. It should also not be operational on login screens, and it could turn itself off after regular behavior is established and turn back on after a timer.

**Implementation level**
I think this could be a part of the X input system. It could also be done as a terminal or shell.


