Laboratory Practice – IV BE Computer Engineering

Answers Coding Viva (5) Timely Completion Total Dated Sign

(5) Efficiency (5) (5) (20) of Subject
Teacher

Expected Date of Completion:--------------------------

Actual Date of Completion:-----------------------------

Assignment Group A-2

Problem Definition:
Implement a program to generate and verify CAPTCHA image.

2.1 Prerequisite:

Basics of PYTHON

2.2 Learning Objectives:

1. Understand the use of CAPTCHA Image.
2. Generation and Verification of it.

2.3New Concepts:
1. CAPTCHA generation
2. Functions used like RANDOM

2.4 Theory

2.4.1 Introduction

A CAPTCHA (an acronym for "Completely Automated Public Turing test to tell Computers
and Humans Apart") is a type of challenge-response test used in computing to determine
whether or not the user is human. The most common type of CAPTCHA was first invented
by Mark D. Lillibridge, Martin Abadi, Krishna Bharat and Andrei Z. Broder. This form of
CAPTCHA requires that the user type the letters of a distorted image, sometimes with the
addition of an obscured sequence of letters or digits that appears on the screen. Because
the test is administered by a computer, in contrast to the standard Turing test that is

1
Laboratory Practice – IV BE Computer Engineering

administered by a human, a CAPTCHA is sometimes described as a reverse Turing test.

Actually CAPTCHA is used as a simple puzzle hurdle, which restricts various automated
programs to sign-up E-mail accounts, cracking passwords, spam sending, privacy violation

etc. This CAPTCHA actually challenges a particular automated program, which is trying to
access some private zone. So, CAPTCHA helps in preventing access of personal mail
accounts by some un-authorized automated spamming programs

2.4.2 Characteristics:-

CAPTCHAs are by definition fully automated, requiring little human maintenance or

intervention to administer. This has obvious benefits in cost and reliability.

By definition, the algorithm used to create the CAPTCHA must be made public, though it
may be covered by a patent. This is done to demonstrate that breaking it requires the
solution to a difficult problem in the field of artificial intelligence (AI) rather than just the
discovery of the (secret) algorithm, which could be obtained through reverse engineering
or other means.

Modern text-based CAPTCHAS are designed such that they require the simultaneous use of
three separate abilities—invariant recognition, segmentation, and parsing—to correctly
complete the task with any consistency.

1. Invariant recognition refers to the ability to recognize the large amount of variation
in the shapes of letters. There are nearly an infinite number of versions for each
character that a human brain can successfully identify. The same is not true for a
computer, and teaching it to recognize all those differing formations is an extremely
challenging task.
2. Segmentation, or the ability to separate one letter from another, is also made
difficult in CAPTCHAs, as characters are crowded together with no white space in
between.
3. Context is also critical. The CAPTCHA must be understood holistically to correctly
identify each character. For example, in one segment of a CAPTCHA, a letter might

2
Laboratory Practice – IV BE Computer Engineering

look like an “m.” Only when the whole word is taken into context does it become
clear that it is a “u” and an “n.”

Each of these problems pose a significant challenge for a computer, even in isolation. The
presence of all three at the same time is what makes CAPTCHAs difficult to solve.

2.4.3 Why we Prefer Captcha rather other security measures?

1. To Protect Website’s Registration Forms –

Many Websites like Hotmail, Gmail, Yahoo, Facebook etc. offers free free registration. It is
necessary to protect these website’s registrations so that it ensures the registered user is a
human not a program or bot. Captcha Code is used to protect the Registration Form
Submission Programmatically.

Figure 1:- Gmail Registration Form Captcha Code Image Screen Capture

2. To Prevent Comment Spams in Blogs –

Captcha Code is used in the comment form so that only human can comment on a post
otherwise spammers can flood hundreds of comments to a single post.
3. To Protect Email Address Scrapping –
Spammers crawl the web in the search of Email address posted in the clear text (e.g.
[email protected]). You can protect your email address either by using Captcha to hide
the email address, one can solve the Captcha before showing the Email address or by using

alternative trick to post Email Address in the format of email at website dot com.
4. To Protect from Search Engine Bots –
Many Html tags are available to specifying indexing condition to Search engine bots. To

3
 Laboratory Practice – IV BE Computer Engineering

prevent a website or specific webpage from search engine crawling, it is desirable to use
html meta tag but sometimes it is not completely sure that the webpage is fully protected
from search engine crawlers and large companies who needs a high security uses Captcha
rather than to use only meta tags to protect their highly public protected and confidential
Web Pages.

2.4.4 Application of CAPTCHA:-

Applications of CAPTCHAs

CAPTCHAs have several applications for practical security:

Preventing Comment Spam in Blogs. Most bloggers are familiar with programs
that submit bogus comments, usually for the purpose of raising search engine ranks

of some website (e.g., "buy penny stocks here"). This is called comment spam. By
using a CAPTCHA, only humans can enter comments on a blog. There is no need to
make users sign up before they enter a comment, and no legitimate comments are
ever lost!
Protecting Website Registration. Several companies (Yahoo!, Microsoft, etc.) offer
free email services. Up until a few years ago, most of these services suffered from a
specific type of attack: "bots" that would sign up for thousands of email accounts
every minute. The solution to this problem was to use CAPTCHAs to ensure that
only humans obtain free accounts. In general, free services should be protected with
a CAPTCHA in order to prevent abuse by automated scripts.
Protecting Email Addresses From Scrapers. Spammers crawl the Web in search
of email addresses posted in clear text. CAPTCHAs provide an effective mechanism
to hide your email address from Web scrapers. The idea is to require users to solve a
CAPTCHA before showing your email address.
Online Polls. In November 1999, http://www.slashdot.org released an online poll
asking which was the best graduate school in computer science (a dangerous
question to ask over the web!). As is the case with most online polls, IP addresses of
voters were recorded in order to prevent single users from voting more than once.

4
Laboratory Practice – IV BE Computer Engineering

However, students at Carnegie Mellon found a way to stuff the ballots using
programs that voted for CMU thousands of times. CMU's score started growing
rapidly. The next day, students at MIT wrote their own program and the poll became
a contest between voting "bots." MIT finished with 21,156 votes, Carnegie Mellon
with 21,032 and every other school with less than 1,000. Can the result of any online
poll be trusted? Not unless the poll ensures that only humans can vote.
Preventing Dictionary Attacks. CAPTCHAs can also be used to prevent dictionary
attacks in password systems. The idea is simple: prevent a computer from being
able to iterate through the entire space of passwords by requiring it to solve a
CAPTCHA after a certain number of unsuccessful logins. This is better than the
classic approach of locking an account after a sequence of unsuccessful logins, since
doing so allows an attacker to lock accounts at will.

Search Engine Bots. It is sometimes desirable to keep WebPages unindexed to

prevent others from finding them easily. There is an html tag to prevent search
engine bots from reading web pages. The tag, however, doesn't guarantee that bots
won't read a web page; it only serves to say "no bots, please." Search engine bots,
since they usually belong to large companies, respect web pages that don't want to
allow them in. However, in order to truly guarantee that bots won't enter a web site,
CAPTCHAs are needed.
Worms and Spam. CAPTCHAs also offer a plausible solution against email worms
and spam: "I will only accept an email if I know there is a human behind the other
computer." A few companies are already marketing this idea.

2.4.5 Advantages:
1. Distinguishes between a human and a machine
2. Makes online polls more legitimate
3. Reduces spam and viruses
4. Makes online shopping safer
5. Diminishes abuse of free email account services

5
Laboratory Practice – IV BE Computer Engineering

2.4.6 Disadvantages:
1. Sometimes very difficult to read
2. Are not compatible with users with disabilities
3. Time-consuming to decipher
4. Technical difficulties with certain internet browsers
5. May greatly enhance Artificial Intelligence

2.5 Algorithm:
1. Start
2. Install captcha in python by this command : pip install captcha
3. Import image.captcha from ImageCaptcha
4. Generate captcha by generate(captcha_text) function
5. For randomly captcha generation use function random.randint()
6. Create an image to write a captcha text
7. End

5.7 Assignment Questions:

1. What is Full Form of CAPTCHA?

2. Write down different forms of CAPTCHA?
3. Why CAPTCHA is needed?
4. Explain the uses of different captcha as per Requirement?

Conclusion:

Hence we conclude that CAPTCHA is used to distinguished Human and Machine and
Provide Security to Programs.