I think a lot of this is just guess work if we don't know what the purpose is. Is this to protect a login form on a web site?<br>One thing that I've always wondered is how well a site that has good state management will fair against a brute force attempt.<br>
If the user must go through 2-3 actions to login, it should be pretty easy to determine if that sequence is being repeated more<br>than is normal for a human as the system can track the progress of where the user 'is' on the server side.<br>
-isaac<br><br><br><div class="gmail_quote">On Wed, Mar 26, 2008 at 3:28 PM, Andre Gironda <<a href="mailto:andreg@gmail.com">andreg@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On Mon, Mar 24, 2008 at 2:04 PM, <<a href="mailto:dan@geer.org">dan@geer.org</a>> wrote:<br>
> I would like to RTFM on alternatives to CAPTCHAs,<br>
<br>
</div>I recall sending this link to Robert Auger when he was interested in<br>
gathering research on the current, "state-of-the-art" in CAPTCHA<br>
technology<br>
<a href="http://www.ocr-research.org.ua" target="_blank">http://www.ocr-research.org.ua</a><br>
<br>
Do per-page tokens or another solution even partly solve the problem<br>
you are trying to solve?<br>
<br>
Cheers,<br>
<font color="#888888">Andre<br>
</font><div><div></div><div class="Wj3C7c">_______________________________________________<br>
Dailydave mailing list<br>
<a href="mailto:Dailydave@lists.immunitysec.com">Dailydave@lists.immunitysec.com</a><br>
<a href="http://lists.immunitysec.com/mailman/listinfo/dailydave" target="_blank">http://lists.immunitysec.com/mailman/listinfo/dailydave</a><br>
</div></div></blockquote></div><br>