you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (7 children)

fancy shit. does anyone have these moving captchas in use today?

[–]magnora7[S] 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (6 children)

That's a cool idea. I could probably cook something up maybe, like 2 grids and the letters, each rotating independently, all the same color on top of each other, with some animated wavy effects distorting all that.

I found this code available, view the demo, we could modify this maybe: https://www.codeseek.co/martingrand/animated-captcha-concept-WxPZVY?lang=en

That was the only one I could find, everything else was research papers

[–][deleted] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (5 children)

Nice, I bet that would work much better than what we have in place now to stop bots and scripts and non-humans.

[–]magnora7[S] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (4 children)

Yeah I agree, I'm down to swap out our captcha with this animated one if that's an easily doable thing

[–][deleted] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (3 children)

Hhahaa nothing is easy around here. You'd also have to figure out a secure way to get the captcha secret into the js widget in the first place, without a scripted browser being able to read it. I didn't dig into how the demo does it. With a plan image, all the user ever has access to is the image itself.

[–]magnora7[S] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (2 children)

Yeah true. I have no idea how any of that works. I looked it up and apparently it is impossible to hide js code from the end user. So in theory they could always download the js file and look at the password being presented. But maybe that could be obfuscated somehow

[–][deleted] 4 insightful - 2 fun4 insightful - 1 fun5 insightful - 2 fun -  (1 child)

if this were done with SVG instead, you could deliver from the server a confusing looking SVG payload which is the password but as its rendered coordinates/vector art data. then you add two other wrong passwords to it too, and it would be very hard to decode by a bot, although possible. then you can animate it and change text colors and all sorts of fancy shit once your js kicks in.

[–]magnora7[S] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (0 children)

that sounds like a smart way to do it